-
11 May 2012 ICO fines Welsh health board £70,000 for patient record loss (SearchSecurityUK.com)
For the first time, the ICO fines an NHS organisation for sending patient data to the wrong person.
-
10 May 2012 BeyondTrust acquires eEye Digital Security for vulnerability management
Analysts say eEye’s vulnerability and configuration management capabilities are a good fit with BeyondTrust’s privilege management and AD integration.
Going after the middlemen in the fight against financial cybercrime (Security Bytes blog)
The FBI and SOCA successfully executed Operation hAVoC, going after the middlemen, or carders, in the fight against financial cybercrime.
-
09 May 2012 Companies lagging on cloud security training (Security Bytes blog)
Symantec survey indicates companies don’t feel prepared to secure public cloud but aren’t leaping to get trained.
Microsoft: Windows Vista infections outpace Windows XP (Security Bytes blog)
A security update addressing the Windows Autorun feature was likely a factor in driving down the infection rate in Windows XP, Microsoft said.
PCI virtualization compliance still a challenge (SearchCloudSecurity.com)
No black and white when it comes to PCI compliance in virtualized environments, experts say.
-
08 May 2012 May 2012 Patch Tuesday: Microsoft fixes Duqu Trojan ghost code
Experts suggest patience when dealing with this month’s round of Microsoft updates.
-
07 May 2012 McAfee and Intel cloud computing security strategy unveiled (SearchCloudSecurity.com)
Companies offer up collection of technologies to help overcome enterprise concern about cloud security.
-
04 May 2012 Adobe pushes patch for actively exploited Flash Player vulnerability
Adobe is addressing a zero-day flaw in Flash Player being used by cybercriminals in email attacks targeting Internet Explorer users.
-
03 May 2012 Android mobile attack: Hacked websites target Android users
For the first time, cybercriminals are using compromised websites to conduct drive-by attacks targeting Google Android users.
Creativity in information security awareness training (Security Bytes Blog)
Information security awareness training programs must be creative and visually compelling to grab users’ attention and ensure they remember the security lessons.
Microsoft program breach led to early RDP vulnerability exploit
Microsoft said a member of its confidential Active Protections Program leaked information that prompted an exploit targeting a flaw patched in March.
Microsoft to fix 23 vulnerabilities in May 2012 Patch Tuesday
Microsoft said it plans to address flaws in Windows, Office, Silverlight and the .NET Framework.
SOCA takes its website offline in DDoS response (SearchSecurityUK.com)
Just days after SOCA shut down carder sites, the agency was the victim of a DDoS attack, leading SOCA to take its website offline.
-
02 May 2012 Analysis: Oracle trips on TNS zero-day workaround (Security Bytes blog)
Oracle's refusal to patch a zero-day in its flagship database management system is another example of how it carelessly exposes customers to risk.
GlobalPayments breach update explains scope of lapse
The payment processor breach is believed to be under 1.5 million credit cards, but the company indicated on Tuesday that banks are issuing a “wide net to protect customers
SSC's new PCI point-to-point encryption guidance outlines testing procedures
New PCI DSS guidance on point-to-point encryption outlines product testing requirements, and urges more merchant-acquirer collaboration.
Virtualization security best practices in wake of ESX code leak (Security Bytes blog)
Virtualization security experts offer advice as organizations wait for more details about code leak.
-
01 May 2012 Oracle won’t patch four-year-old zero-day in TNS listener
Despite the accidental release of attack code for a bug in Oracle’s database, the company won’t change the code for fear of “regression.”
-
27 Apr 2012 CISPA threat intelligence bill passes House (Security Bytes blog)
The Cyber Intelligence Sharing and Protection Act (CISPA) clears security vendors of any liability for sharing customer attack data with federal officials.
Infosecurity 2012: Survey proves value of security awareness programme (SearchSecurityUK.com)
According to the latest findings from PwC, better end-user security training can pay off in fewer breaches.
SOCA shuts down network of CVV sellers' carder sites (SearchSecurityUK.com)
The Serious Organised Crime Agency shut down 36 CVV sellers who were selling stolen credit card and banking credentials to buyers around the world.
-
26 Apr 2012 For data security, cloud customers need DIY approach (Security Bytes Blog)
To ensure data security, cloud computing customers must accept a do-it-yourself approach, rather than relying on providers for security.
Infosecurity 2012: ICO opposes mandatory data breach notification (SearchSecurityUK.com)
Information Commissioner Christopher Graham calls mandatory breach disclosure for all companies unnecessary, saying voluntary disclosure is working.
-
25 Apr 2012 AWS Marketplace offers one-click cloud security (Security Bytes blog)
Endpoint protection and vulnerability assessment are among the offerings in Amazon’s new AWS Marketplace cloud shop.
Java, HTML exploits via Black Hole toolkit dominate attacks, Microsoft says
The Black Hole Exploit toolkit is behind the bulk of the HTML and Java exploits, according to version 12 of the Microsoft Security Intelligence Report.
VMware downplays ESX hypervisor source code leak (SearchCloudSecurity.com)
Company says the source code was leaked online, but says it may not mean increased risk.
-
24 Apr 2012 Google Vulnerability Reward Program increases, Microsoft unfazed
Google increased the reward for a code execution bug to $20,000. Microsoft remains against a bug bounty.
Investigation reveals serious cloud computing data security flaws (SearchSecurityUK.com)
Context Information Security found that data stored by a cloud customer could be accessed by the next customer to spin up a VM on the same disk.
-
23 Apr 2012 Shared philosophy aids FBI agent’s move to security startup CrowdStrike
Attackers are already in the network, so if companies aren’t monitoring activity, they’re not doing enough, said Shawn Henry of CrowdStrike.
-
20 Apr 2012 ISBS 2012 report: Security slow to adapt to new technologies (SearchSecurityUK.com)
PwC’s ISBS 2012 report, which will be presented at Infosecurity 2012, shows security teams react too slowly to threats from new technologies.
-
19 Apr 2012 Geer: More redundancy, manual processes can cut IT infrastructure risk
Luminary Dan Geer says IT infrastructure risk can be reduced by boosting Internet resiliency and by planning backup processes should the Net go down.
PCI assessor and CISO: Work together for the best PCI ROC
In a session at the SOURCE Boston conference, a PCI assessor and a CISO explain that there are ways to arrive at a report on compliance they can both appreciate.
-
18 Apr 2012 Anonymous hacking group member pleads ‘not guilty’ in police website attack
An Ohio man reportedly associated with Anonymous pleaded not guilty on Monday to charges of hacking two Utah police websites.
Cloud security vendors win funding (Security Bytes blog)
VCs bet their money on cloud security technologies.
HP study finds widespread custom Web application flaws
A review of hundreds of unique custom Web applications found more than half are vulnerable to cross-site scripting and more than 86% contain injection flaws.
Probing Anonymous hacktivists a serious challenge for researchers
Security researchers try to get a better understanding of their adversary, but probing Anonymous is proving to be a difficult challenge.
-
16 Apr 2012 HP warns of malware on HP ProCurve switches' flash cards
HP has notified customers that some ProCurve 5400 zl switches shipped with compact flash cards infected with malware.
-
13 Apr 2012 BYOD security policy, not MDM, at heart of smartphone security
Effective security policies, not a mobile device management platform, will solve corporate mobile device security issues, according to a security expert.
Report: Corporate mobile device policy must align security, job roles (SearchSecurityUK.com)
In the debate between BYOD and company-issued devices, a new report compares mobile platforms and recommends devices based on users’ job roles.
-
12 Apr 2012 Defining a full security threat (Security Bytes Blog)
How would you define a security threat? The correct answer could score the funding you need for your next security project.
-
11 Apr 2012 2012 IPv6 summit convenes in Colorado (Window on WANs blog)
Attendance is up at the largest regional IPv6 event of the year, which is addressing IPv4 depletion and government mandates.
Azure boosts CSA’s STAR (Security Bytes blog)
Cloud Security Alliance transparency effort expands with addition of Windows Azure.
Dangerous Samba vulnerability affects all Linux systems
The widely deployed file and print server contains a flaw that attackers can exploit remotely to gain root access on the affected system. Proof-of-concept code is available, experts warn.
-
10 Apr 2012 Hunting for application logic flaws requires people, expert says
Rafal Los, a software security expert and consultant with Hewlett-Packard, says humans far outgun automated tools in the hunt for costly application logic flaws.
Microsoft April 2012 Patch Tuesday repairs critical IE flaws, ActiveX control issue
Microsoft repaired 11 vulnerabilities in April, including a critical update to its Internet Explorer browser and an ActiveX fix that affects a variety of software and server systems.
-
09 Apr 2012 Business and IT security alignment is off (Security Bytes blog)
Aligning IT security with business goals is nice, but is it always realistic? Mandates from management often clash with the industry’s ideal characterization of an IT security leader.
Gary McGraw: Build security in from start ([In]security column)
If the field of computer security is to be fixed, the only hope we have is building security in, says software security expert Gary McGraw.
-
05 Apr 2012 April 2012 Patch Tuesday: Microsoft to issue six bulletins, four critical
Microsoft’s six bulletins include critical server repairs, Internet Explorer updates and a critical update of its .NET Framework.
Prepare now for more stringent U.S. data privacy laws (Security Bytes Blog)
U.S. data privacy laws will soon become more pervasive and more strictly enforced. Security teams should prepare their organizations for the new rules.
-
04 Apr 2012 ENISA offers governance guide for cloud computing contracts (SearchCloudSecurity.com)
European agency provides framework for monitoring cloud provider security after a contract is signed.
Industry is doomed by automation, misguided IT security strategy, experts warn
Blunt experts at InfoSec World said enterprise IT security strategy often misses the mark, but some attendees suggested the experts are out of touch.
TIBCO to acquire SIEM vendor LogLogic (Security Bytes Blog)
TIBCO, an integration software company with little security experience, will purchase one of the few remaining viable standalone SIEM vendors. Terms were not disclosed.
-
03 Apr 2012 Expert: Data breach response plans, investigations should include local cops
State, county and local law enforcement should play a role in data security breach investigations, says Nick Selby, an IT security consultant and police officer.
Experts say it's time for a mobile security review (Security Bytes Blog)
There are many mobile device management (MDM) platforms, but they may be unnecessary if you can use the security features native to the devices.
Global Payments breach exposes PCI shortcomings (Security Bytes Blog)
Payment processor Global Payments is the latest poster child for PCI shortcomings and shoddy data security.
Security information management systems aspire to real-time security
Today’s security information management systems (SIM) are excellent forensics tools, but they haven’t yet achieved status as effective real-time security tools.
-
02 Apr 2012 Expert advocates for more effective pen tests, less complex security
A security expert warns organizations against buying the latest and greatest security technology and advocates for more effective pen testing at InfoSec World Conference and Expo 2012.
Global Payments hopes to soon regain PCI compliance after breach
Following a breach that leaked approximately 1.5 million payment card numbers, Global Payments is now working to achieve PCI compliance once again.
-
30 Mar 2012 Column: The remote access security crisis (SearchSecurity)
Is there really such a thing as secure remote access? Editor Eric B. Parizo says there are too many security-related remote access problems to ignore.
Likely Visa, MasterCard security breach linked to third-party processor
The credit card giants tell banks that a third-party payment processor may have been breached, causing the loss of tens of thousands of card numbers.
SIEM deployment case study shows patience is required (SearchSecurityUK.com)
Williams Lea’s SIEM is already helping reduce manual log reviews. But there’s still a lot of work to be done before the SIEM can be fully deployed.
-
29 Mar 2012 Adobe Flash Player patch fixes critical holes, releases silent automatic updater
Adobe released a bulletin addressing critical flaws in Flash Player and rolled out a silent automatic update feature in Flash 11.2.
Future of SIEM market hinges on past mistakes (Security Bytes Blog)
The SIEM market had a rocky start, but recent technology advancements have made SIEM products easier and more reliable.
-
28 Mar 2012 MDM market consolidation: Coming to a vendor near you? (SearchConsumerization.com)
Mobile device management is about to undergo major market consolidation. IT pros worry about the effect on their relationships with MDM vendors.
Verizon sheds some light on cloud breaches (Security Bytes Blog)
Verizon says cloud breaches are more about giving up control of assets rather than technology vulnerabilities.
Web browser attacks aimed at plug-ins despite rise in flaws, IBM finds
An IBM report found a slight increase in browser-based vulnerabilities, but security features are driving attackers to target components rather than the browser itself.
-
27 Mar 2012 Facebook attacks illustrate need for education (Security Bytes Blog)
Stolen Facebook account credentials could potentially give attackers access to the victim’s corporate network.
For website owners, UK cookie law causing confusion, uncertainty (SearchSecurityUK.com)
A survey of digital marketing professionals found some companies plan to take no action to comply with UK cookie law before the May 26 deadline.
-
26 Mar 2012 ISPs' anti-botnet code of conduct accomplishes little (Security Bytes Blog)
Leading ISPs sign the U.S. Anti-Bot Code of Conduct, which stops short of demanding ISPs provide a clean pipe to customers.
Microsoft attempts legal action to disrupt some Zeus botnets (SearchFinancialSecurity.com)
Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.
-
23 Mar 2012 F5 Vault program embraces incentives for F5 firewall, security sales (SearchSecurityChannel.com)
The Vault partner program uses incentives to increase visibility for F5 firewalls and its architecture bundle.
Microsoft vows to improve cloud service after Azure outage (Security Bytes blog)
Software giant said it will apply lessons learned after Leap Day outage of its cloud service.
UK IT spending 2012: Security budgets show growth, CompTIA survey says (SearchSecurityUK.com)
CompTIA found IT security budgets are growing for most UK organisations. However, UK IT managers report a shortage of skilled security professionals.
-
22 Mar 2012 2012 Verizon DBIR: Hacktivists make impact on data breach statistics
The Verizon DBIR says hacktivists conduct opportunistic attacks targeting mainly large businesses using tactics akin to a smash-and-grab burglary, stealing any data they can access.
Verizon 2012 DBIR recommends log analysis and password management
The 2012 DBIR highlights prevalent problems with simple, relatively inexpensive recommendations.
Verizon DBIR 2012: Automated large-scale attacks taking down SMBs
The Verizon DBIR says cybercrime groups automate attacks against SMBs with lax controls on remote access services and point-of-sale systems.
Verizon data breach report boasts new contributors (Security Bytes Blog)
Good news for the security industry: More countries contributed to the 2012 Verizon data breach report.
Verizon data breach report highlights continuing POS vulnerabilities (SearchSecurityUK.com)
Improperly secured point-of-sale systems continue to offer an easy target to cybercriminals according to the 2012 data breach report from Verizon.
-
21 Mar 2012 Top 10 mobile risks list highlights fundamental weaknesses (Security Bytes blog)
An OWASP team has unveiled a non-hyped list of weaknesses and how to properly mitigate them.
-
20 Mar 2012 Ponemon Cost of Data Breach Report finds expenses declining for first time
The seventh annual Ponemon Cost of Data Breach Report analyzed 49 U.S. companies and found organizations with CISOs and a formal incident response plan helped cut costs.
Symantec acquires Nukona for MDM, mobile application control
Analyst says move is important step in addressing the need for mobile application control and document management capabilities.
University researchers document Android adware privacy risks
Researchers at NC State found that ad libraries used in Android apps access personal information unnecessary for proper functionality.
-
19 Mar 2012 Professional developers behind Duqu Trojan (Security Bytes Blog)
The Duqu Trojan’s communications module was written in a custom version of C—indicating a sophisticated professional development team at work.
-
16 Mar 2012 Attack code surfaces for Microsoft RDP vulnerabilities
Antimalware vendors say proof-of-concept exploit code has surfaced on several Chinese websites. Experts recommend patching Windows systems now.
-
15 Mar 2012 Can a security association bring us all together? (Security Bytes Blog)
Vendors and government call for security pros from different organizations to work together, but will our competitive nature stand in our way?
NSA mobile security plan could be industry roadmap (Security Bytes blog)
Tight controls over the mobile device and the use of VPN tunnels could be employed in enterprise mobile security plans.
UK firms have trust in cloud service security, but reality disappoints (SearchSecurityUK.com)
UK firms believe moving some IT projects to the cloud will improve their overall security, yet they end up feeling less secure after the move.
-
14 Mar 2012 Dell-SonicWall deal: Next-generation firewall boosts data center play (SearchNetworking.com)
The Dell-SonicWall acquisition broadens Dell’s increasingly formidable data center infrastructure and services strategy with a next-generation firewall product.
Getting serious about tablet security risks and user training (SearchSecurityUK.com)
With increasing tablet security risks, the time has come to get serious about user education. UK Bureau Chief Ron Condon prescribes a new mindset.
HP releases new SIRM platform for risk management
HP released a new security intelligence and risk management platform, integrating security technologies from its portfolio of security products.
Staff IT skills gap hinders security efforts, CompTIA reports
A gap in IT skills affects business productivity and negatively impacts cybersecurity, despite security being a high priority, according to report.
Taking control of smartphone proliferation while avoiding user anarchy (SearchSecurityUK.com)
With smartphone proliferation raging through companies, IT teams are turning to MDMs to keep corporate data safe. Are current MDMs up to the task?
-
13 Mar 2012 Dangerous Microsoft RDP vulnerabilities repaired in Patch Tuesday
Vulnerability experts call the Microsoft Remote Desktop Protocol flaws dangerous and say they should be quickly addressed by patching admins.
Information security roles and the cloud (Security Bytes blog)
How will security pros’ jobs change as cloud use grows?
Thoma Bravo sells next-gen firewall, UTM vendor SonicWall to Dell
Dell’s security portfolio expands with purchase of unified threat management and next generation firewall vendor SonicWall from private equity firm.
-
12 Mar 2012 Apple Configurator provides free iOS device management for IT (SearchConsumerization.com)
A new free app, Apple Configurator, allows businesses to deploy, manage, and configure more than one iOS device. It’s not MDM, but it’s a step in the right direction.
Avast leads, Microsoft free antivirus gaining in AV market share report
An analysis of installed endpoint security applications found Avast with a strong lead in the global antivirus market, followed by Avira, AVG, Microsoft and ESET.
Do we need zero-day research? (Security Bytes blog)
Vulnerability research is at a crossroads as bug hunters in pursuit of zero-day vulnerabilities and exploits feel pressure from the security community.
-
09 Mar 2012 New mobile security statistics show consumers fearful of mobile spam (SearchSecurityUK.com)
A survey of UK consumers found trust in mobile device security is declining as more users fall prey to mobile spam.
-
08 Mar 2012 Changes to European privacy laws foreshadow serious business impact (Security Bytes Blog)
Changes to the data protection regulations are on the way for the European Union, and the fallout in Europe serves as a good case study for U.S. businesses.
Six bulletins, one critical, expected for March 2012 Patch Tuesday
Microsoft’s March bundle of updates repairs seven vulnerabilities, including a critical Windows flaw.
-
07 Mar 2012 How CloudFlare’s website service protected LulzSec (Security Bytes blog)
The LulzSec hacking group signed up for CloudFlare to protect its website. CloudFlare CEO Matthew Prince shared how the service defended the site against attacks.
Verizon data breach report shows weak passwords at root of 2011 data breaches
Weak and default passwords are at the root of many data security breaches investigated by Verizon in 2011.
-
06 Mar 2012 Adobe Flash Player update repairs two vulnerabilities, introduces “Priority” ratings
Adobe Flash Player update addresses two vulnerabilities that can be targeted by attackers to execute malicious code and obtain sensitive information.
Feds announce Anonymous, LulzSec arrests
Alleged Anonymous, LulzSec hackers charged in connection with attacks on Sony, PBS, HBGary and others.
How to manage the compliance cycle to improve your compliance strategy
Too often, organizations jam all their compliance tasks into the quarter when the audit is due. Read advice for reducing compliance fatigue.
Trustwave acquires M86 Security for SaaS, managed security services
The company, which has made many acquisitions in the last five years, faces integration challenges as it moves more broadly into SaaS, managed security services, analyst says.
What are the best Android mobile security apps? (Security Bytes blog)
A security testing firm analyzed the malware detection capabilities in dozens of Android mobile security apps. Only 17 made the trustworthy list.
-
02 Mar 2012 Debating PCI DSS compliance in the contact center and the ‘police state’: Two perspectives (Voices of CRM)
A contact center and a PCI security expert discuss PCI DSS’s stringent physical facility requirements and how contact centers can prepare for them in a two-part podcast.
Experts say Android malware research can help Android app security
Android malware research experts at RSA Conference 2012 say using free tools to spot Android malware trends can help foster greater Android app security.
OpenDNS hires Websense CTO, readies enterprise strategy (Security Bytes Blog)
DNS provider said it plans a big move into enterprise security market.
-
01 Mar 2012 Can SMBs sue their bank and recover losses from a hacked bank account?
RSA Conference 2012 panelists discussed court rulings on liability for hacked bank accounts, and gave advice to security pros for protecting financial assets.
Copycat apps, runaway coding a growing threat, RSA panel says
Despite application store controls set by Apple and Google, a panel of mobile application security experts says the potential exists for weaponized applications.
Dan Kaminsky offers unconventional wisdom on security innovation
Luminary Dan Kaminsky, known for his DNS research, pushed RSA Conference 2012 attendees toward security innovation by upending conventional wisdom.
FBI Director Mueller: For U.S., cybersecurity threats will surpass terrorism
At RSA Conference 2012, FBI Director Robert Mueller said the bureau is ramping up to fight cybersecurity threats and boost information-sharing efforts.
Hacking back puts security on the offensive
Two penetration testers at RSA Conference 2012 explain how enterprises can hack back against attackers and stay within legal and ethical boundaries.
More than hype: Security big data helps bank to boost security program (SearchFinancialSecurity.com)
At RSA Conference 2012, Zions Bancorporation detailed how it harvested security big data using a Hadoop-based security data warehouse.
RSA 2012: Forget about hacktivists, say security experts (ComputerWeekly.com)
Businesses should forget about hacktivists and concentrate on getting the security basics right, a panel of IT security practitioners told attendees of RSA Conference 2012 in San Francisco.
RSA 2012: Rationalise security compliance obligations for greater efficiency, says Microsoft (ComputerWeekly.com)
Meeting compliance obligations, passing audits and dealing with false alarms can distract information security professionals from keeping data secure, but Microsoft has found ways of managing the...
To get help with secure software development issues, find your own flaws
RSA Conference 2012 experts say finding and sharing real internal secure software development issues is the best motivator for change.
-
29 Feb 2012 'Active defense' experts call for larger role for U.S. Cyber Command
Two former NSA chiefs argued at RSA Conference 2012 for more "active defense" information sharing and a larger security role for U.S. Cyber Command.
CISOs fear lack of mobile device control, visibility, survey finds
Security professionals cite a lack of control and visibility into mobile devices as a major issue. Devices must be locked out of some organizations.
Developers must improve mobile app security or face backlash, experts say
Poorly coded mobile applications and the inability to protect the back-end systems supporting them, harms the integrity of the entire application ecosystem, said software security expert Jacob West...
Microsoft's Charney warns of big data privacy, security challenges
RSA 2012: In addition to lauding a decade of Trustworthy Computing, Microsoft's security chief says big data privacy and security must be addressed.
Mobile device attacks to enable more enterprise network intrusions
Mobile device attacks will rank among the top threats enterprises face in the coming months, serving as a pivot point for bigger network intrusions.
Plan ahead for cloud computing breaches in cloud contracts, experts say (SearchCloudSecurity.com)
Organizations need to plan ahead for possible cloud breaches, legal experts advise.
RSA 2012: RSA takes market-leader position seriously, says Heiser (ComputerWeekly.com)
RSA takes its market-leader position seriously to pull together the IT security industry, says Tom Heiser, president of RSA.
RSA 2012: SSL certificate authority security takes a beating
Researcher Moxie Marlinspike came down on certificate authority security at RSA Conference 2012, calling for trusted notary servers as an alternative.
Security pros need to get in front of cloud computing trend, RSA panel says (SearchCloudSecurity.com)
Security teams need to innovate and adapt to cloud, according to CISO panel
-
28 Feb 2012 RSA Conference 2012 keynote prescribes intelligence-driven security
RSA’s Arthur Coviello urged security pros to break down silos and adopt intelligence-driven security programs, or face a tough year.
Research into cryptographic system limitations crucial, RSA panel says
Researchers testing some of the most relied upon cryptographic algorithms are making progress in breaking them, according to experts on the 2012 RSA Conference Cryptographer’s Panel.
-
25 Feb 2012 CrowdStrike to make RSA 2012 debut with Android attack via WebKit
Firm led by well-known security experts George Kurtz and Dmitri Alperovitch will focus on defending against targeted attacks.
-
24 Feb 2012 Windows security case study: Controlling Windows 7 user privileges (SearchSecurityUK.com)
After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges.
-
22 Feb 2012 Cyberespionage attacks shine harsh light on security technology failures
High-profile attacks on Nortel, RSA and others have thrust cyberespionage attacks into the spotlight ahead of RSA Conference 2012.
IBM QRadar adds X-Force threat intelligence to SIEM system
Big Blue unveils integration of its Q1 Labs acquisition giving IT security pros the ability to add rule-based alerts using threat intelligence feeds.
RSA 2012 talk to offer help understanding IPv6 security issues
Understanding IPv6 security issues can be a challenge, but the protocol's co-inventor says enterprises can no longer afford to ignore IPv6 security concerns.
-
21 Feb 2012 Mobile security, BYOD policy issues to trend at RSA 2012, analysts say
BYOD policy issues are a big concern for enterprises grappling to secure employee smartphones and tablets, say analysts previewing RSA 2012.
-
17 Feb 2012 RSA Conference 2012 to highlight digital trust
A panel previewing the 2012 RSA Conference said gaining visibility into an enterprise’s partners and other third-party services has become a serious challenge.
-
16 Feb 2012 Adobe issues Flash Player update, fixes Adobe XSS zero-day flaw
An Adobe Systems security update fixed seven critical flaws in Flash Player, including a cross-site scripting vulnerability being actively targeted by attackers.
Security startups to unveil new security technology at RSA 2012
One firm will leave RSA 2012 with the “Most Innovative” title, but industry experts say they all contribute in bringing the security industry up to par with sophisticated malware and hacking...
-
14 Feb 2012 February 2012 Patch Tuesday: Critical IE, Windows kernel flaws fixed
Flaws in Internet Explorer and the Windows C Runtime library could be used to gain access to system files and download additional malware onto a victim’s machine.
Infosec certifications valuable in security job market, (ISC)2 finds
Survey of more than 2,000 IT security pros finds many getting raises and promotions despite lagging economy and tighter IT budgets.
New MDM service ties Apple, Android devices to Active Directory
Centrify mobile security supports Apple iOS and Google Android devices and can connect them to Microsoft Active Directory, but it lacks the robust management features found in major MDM suites,...
-
13 Feb 2012 Remote administration software weaknesses plague businesses
Attackers are finding an easy way into corporate networks often by targeting remote management weaknesses. Poorly configured software can lead to a data security breach.
-
10 Feb 2012 Study finds attacks slip past spotty patch management policies (SearchSecurityUK.com)
A study finds attackers targeting firms with poor patch management policies, exploiting vulnerabilities that should have been patched years ago.
-
09 Feb 2012 Android app security offers IT little comfort, despite Google Bouncer (SearchConsumerization.com)
Google’s new Bouncer tool aims to relieve some IT woes by scanning Android Market apps for malware. But Android app security concerns remain.
February 2012 Patch Tuesday to address 21 vulnerabilities
Microsoft plans to fix coding errors in Internet Explorer, .NET, Silverlight and Microsoft Office.
Online Trust Alliance guide offers tips for data protection strategies (SearchCompliance.com)
With the number and severity of breaches increasing, data protection strategies are vital. To help, the Online Trust Alliance has released a guide to online data protection.
Survey: Types of DDoS attacks on the rise due to hacktivist groups (SearchSecurityUK.com)
New DDoS statistics suggest hacktivist groups are to blame for an increase in the number and types of DDoS attacks across the Internet.
-
08 Feb 2012 Marty Roesch pushes collective analysis, underscores cyberthreat intelligence
Sourcefire CTO Marty Roesch introduced cloud-based analysis for threat intelligence gathering. Network security monitoring platforms like RSA NetWitness may be headed in a similar direction.
Web application vulnerability statistics show security losing ground (SearchSecurityUK.com)
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks.
-
07 Feb 2012 Longstanding network security problems plague enterprises, Trustwave finds
While organizations focus on mobile security and other emerging threats, an analysis of more than 2,000 penetration tests conducted by Trustwave found older threats often overlooked.
Survey results: VARs report customers’ IT spending 2012 expectations (SearchSecurityChannel.com)
VARs expect customers to increase spending on security more than any other IT area in 2012. See which security segments will grow the most.
-
06 Feb 2012 Adobe issues support for Flash Player sandboxing in Firefox
Adobe has launched the public beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals.
Nothing funny about SCADA and ICS security
A researcher calls the state of industrial control system security “laughable” and warns of the consequences of unpatched critical infrastructure that is reachable over the Internet.
-
03 Feb 2012 Adobe makes pitch for defensive security research to cripple exploit writing
Adobe security and privacy director Brad Arkin urges the security industry to develop technologies that make exploit writing costly.
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7 (SearchSecurityUK.com)
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6.
-
02 Feb 2012 SEC filing: VeriSign security breach in 2010 was limited, execs say
In an October 2011 regulatory filing, VeriSign said its corporate network was breached in 2010, exposing data on a “small portion” of its systems.
-
01 Feb 2012 Symantec issues new pcAnywhere security guide following flaw resolution
Organizations that have applied the latest patches should follow more stringent security best practices to guard against external attacks.
-
31 Jan 2012 Cridex Trojan breaks CAPTCHA, targets Facebook, Twitter users
The banking Trojan variant Cridex can break CAPTCHA tests in just a few attempts, allowing it to create malicious email accounts used for spamming and propagating the malware.
IBM enters mobile device management market via BigFix integration
Beta version of IBM Endpoint Manager for Mobile Devices supports Apple iOS, Google Android, Symbian and Microsoft Windows Phone devices.
-
30 Jan 2012 Email providers push DMARC email authentication to combat phishing
DMARC builds on SPF and DKIM: a domain owner publishes a policy in DNS telling receivers how to treat mail that fails authentication, and receivers send aggregate reports back to the owner, closing a feedback loop that helps determine whether an email is legitimate.
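To make the DMARC decision concrete, the following is an added example (not code from the original article or from any DMARC implementation) that parses a DMARC TXT record and evaluates a message against it, given the SPF and DKIM results a receiver has already computed. The record, domains and results are constructed for the illustration; the organizational-domain rule is simplified to "last two labels" instead of the Public Suffix List a real receiver would use.

```python
# Constructed DMARC record for the illustration; not a real domain's policy.
EXAMPLE_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record into tag/value pairs and apply the defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")    # disposition for mail that fails DMARC
    tags.setdefault("adkim", "r")   # DKIM alignment mode, relaxed by default
    tags.setdefault("aspf", "r")    # SPF alignment mode, relaxed by default
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain. Simplification (assumption): last two labels.
    Real receivers consult the Public Suffix List so e.g. co.uk works."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match with the
    RFC5322.From domain, relaxed ('r') needs the same organizational domain."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def evaluate_dmarc(record, from_domain, spf_result, spf_domain,
                   dkim_result, dkim_domain):
    """Return (dmarc_result, disposition).

    DMARC passes when at least one of SPF or DKIM produced 'pass' AND the
    domain it authenticated (MAIL FROM for SPF, d= for DKIM) is aligned with
    the visible From: domain. Otherwise the published policy applies.
    """
    tags = parse_dmarc(record)
    spf_ok = (spf_result == "pass" and spf_domain is not None
              and aligned(from_domain, spf_domain, tags["aspf"]))
    dkim_ok = (dkim_result == "pass" and dkim_domain is not None
               and aligned(from_domain, dkim_domain, tags["adkim"]))
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", tags["p"]


if __name__ == "__main__":
    # Constructed scenarios: a legitimate bounce domain, a phish that passes
    # SPF for the attacker's own domain, and a subdomain DKIM signature that
    # strict alignment rejects.
    cases = [
        ("example.com", "pass", "bounce.example.com", "none", None),
        ("example.com", "pass", "mail.attacker.example", "pass", "attacker.example"),
        ("example.com", "fail", "example.com", "pass", "news.example.com"),
    ]
    for case in cases:
        print(case, "->", evaluate_dmarc(EXAMPLE_RECORD, *case))
```

The second scenario is the phishing case DMARC exists for: the attacker controls SPF and DKIM for their own domain, so both "pass", but neither identifier aligns with the spoofed From: domain, and the owner's `p=reject` policy applies.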
Phoenix Exploit Kit responsible for mass WordPress compromises
Security firm M86 Security has discovered hundreds of WordPress websites compromised by Phoenix.
-
27 Jan 2012 Fake Firefox update delivers malware, exploit kits
Malicious webpages masquerading as browser updates are being used by attackers as launch pads for Trojans and exploit kits.
Malicious Android applications may have infected millions, Symantec warns
More than a dozen malicious Android applications on the Android Market contain a hidden Trojan that can steal information, download more files and display advertisements on the device.
McAfee adds SMS filtering, smartphone threat intelligence to Android security app
Mobile application supports Android smartphones and tablets with virus scanning and protection from Web threats and SMS attacks.
Panel debates cloud computing governance issues (SearchCloudSecurity.com)
Problems with data governance in the cloud aren’t much different than traditional outsourcing.
Time to ban dangerous apps? Exploring third-party app security
Column: Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach?
-
26 Jan 2012 European Commission data protection proposals draw hostile reaction (SearchSecurityUK.com)
Reaction to the European Commission data protection proposals has been largely negative, as many believe the new rules are costly and misdirected.
Understanding data security breaches eclipses preventing them
Companies are spending more time investigating the source of data breaches and their impacts to reduce expenses, says a survey.
-
25 Jan 2012 Kelihos botnet operator named in Microsoft botnet lawsuit
Microsoft has named a Russian programmer as the one who wrote the malicious Kelihos code used to create a small botnet that peddled spam and child pornography.
New Epsilon CISO to expand security team, assess security practices
Newly appointed Epsilon CISO Chris Ray said he will take a step back and get a better understanding of the business before trying to address gaps.
Symantec pulls pcAnywhere, man-in-the-middle attacks are possible
Source code theft from Symantec’s systems in 2006 places pcAnywhere software at risk of being attacked. Company says software is bundled with many of its products.
-
24 Jan 2012 Black Hole kit fuels drive-by attacks, rogue antivirus declines, Sophos finds
The Black Hole crimeware kit has caused drive-by attacks to surge, according to the Sophos 2012 threat report.
Survey sheds light on SharePoint security concerns (SearchSecurityUK.com)
Respondents' top SharePoint security concerns include frustrated users who inadvertently or deliberately circumvent security policies.
Twitter acquires Dasient in security buying spree, Android platform focus
Web-based antimalware vendor Dasient is the second security firm acquired by Twitter in recent months. In November, Twitter acquired Android security vendor Whisper Systems.
-
23 Jan 2012 HP TippingPoint revamps Pwn2Own hacking contest, removes mobile hacks
Popular Pwn2Own hacking contest at the CanSecWest conference will be fairer to contestants and winners with larger cash prizes, says TippingPoint.
-
20 Jan 2012 Cloud maturity model to help SMBs judge security of cloud providers (SearchSecurityUK.com)
CAMM, a new cloud maturity model, may be the key to helping organisations, and especially SMBs, evaluate the security of cloud providers.
PCI in the cloud: Segmentation, security compliance is possible, experts say (SearchCloudSecurity.com)
Merchants are ultimately responsible for locking down credit card data and maintaining PCI compliance, according to experts.
-
19 Jan 2012 Facebook users targeted by transformed Carberp Trojan
Attackers seize on the trust victims have in the social network by setting up a tricky man-in-the-browser attack and demanding $25 in cash.
Network security test: Crossbeam secures 1 million simultaneous users (SearchNetworking.com)
Crossbeam performed a network security test that emulated one million simultaneous mobile users on its network security hardware.
Symantec breach: Data breach basis of Norton source code leak
Investigators confirmed that a 2006 breach at Symantec Corp. is the root cause of a source code leak of its Norton Antivirus software.
-
18 Jan 2012 Oracle repairs two database flaws, issues 78 patches to product line
The two database patches represented a record low for repairs to Oracle’s database management system since the CPU program began in 2005.
-
17 Jan 2012 Website weaknesses at fault in T-Mobile hacktivist attack
A hacktivist group is claiming responsibility for exploiting website vulnerabilities and stealing the personal information of approximately 80 T-Mobile employees.
-
16 Jan 2012 RSA SecurID breach: Executives attempt to repair tarnished image
While the RSA SecurID breach cost EMC’s security division more than $60 million, executives admit it could take years to restore its tarnished image.
Symantec acquires LiveOffice for online data archiving
Symantec said the $115 million deal boosts its e-discovery business and offers security and antispam capabilities for on-premises and hosted email.
-
13 Jan 2012 Jericho founder: Get involved in plan for protecting identity online (SearchSecurityUK.com)
Respected identity expert Paul Simmonds says the NSTIC's identity project needs European involvement, or it may not meet Europe's needs.
-
12 Jan 2012 Android app malware exploits Carrier IQ controversy
Phony Android application checks for running Carrier IQ software, but then sends SMS messages to a premium rate number.
Despite recruiting uptick, 2011 IT security pay rates remain flat (SearchSecurityUK.com)
New figures show little fluctuation in IT security pay rates heading into 2012. However, recruitment is rising, along with contract staff hires.
FedRAMP cloud computing standards initiative spurs optimism, criticism (SearchCloudSecurity.com)
Federal cloud security framework aims to speed cloud security assessments and agency cloud adoption.
Stratfor unveils new website, improves security following breach
Intelligence firm CEO apologizes for failing to properly secure customer credit card data and email addresses. Firm now outsources processes to third-party payment processor.
Tools, services emerge for enterprise DNSSEC adoption
Tools, services and support are available, but experts believe a watershed moment is what is needed to push enterprises into DNSSEC adoption.
-
11 Jan 2012 Readiness team warns of spoofed US-CERT email addresses in phishing campaign
A phishing email campaign is targeting private and public sector organizations with phony US-CERT email addresses.
-
10 Jan 2012 Adobe repairs critical Reader, Acrobat flaws, adds JavaScript control
The January 2012 update includes repairs to Adobe Reader X and a new feature giving administrators the ability to whitelist JavaScript execution.
Microsoft January 2012 Patch Tuesday issues Windows Media fix, resolves SSL protocol weakness
Microsoft’s January 2012 Patch Tuesday included one critical security bulletin, addressing dangerous Windows Media errors that could be exploited remotely to gain access to a victim’s computer.
-
09 Jan 2012 Cattles' lost backup tapes highlight risk of unencrypted data storage (SearchSecurityUK.com)
Cattles Group lost backup tapes containing 1.4 million unencrypted customer records. The incident highlights the risks of removable storage.
Ramnit malware data out-of-date, social network says
A Facebook spokesperson said the malware is not propagating on the social network.
-
06 Jan 2012 Symantec source code theft: Threat is low to current products, vendor says
The leak affected Symantec’s endpoint protection and corporate antivirus software. Symantec recommends customers ensure their products are up to date.
-
05 Jan 2012 Care2 resets millions of account credentials following security breach
Care2, a social network that promotes a variety of causes, announced a data security breach Dec. 28 in which hackers targeted account credentials on the company servers.
January 2012 Patch Tuesday: Microsoft to fix eight flaws in Windows, developer tools
The software giant will issue seven bulletins, including one critical, as part of its January 2012 Patch Tuesday security updates.
Ramnit financial malware rips Facebook credentials
Researchers at security firm Seculert have discovered a cache of 45,000 Facebook login credentials tied to the Ramnit worm.
-
04 Jan 2012 Comet hit with lawsuit for alleged Microsoft Windows piracy (SearchSecurityUK.com)
Microsoft is suing Comet, alleging the electronics retailer sold counterfeit Windows backup discs, but Comet claims it was just good customer service.
Tilded platform responsible for Stuxnet, Duqu evasiveness
Researchers at Kaspersky Lab tie the Stuxnet worm and its sister Duqu Trojan to the Tilded platform, which helped the malware evade detection by traditional security software.
-
30 Dec 2011 Multifunctional malware, staged drive-by attacks to rise in 2012
Malware toolkits are being programmed with attacks that make the most business sense, say security experts. Automated toolkit users will have new capabilities to target specific groups and...
Year’s top 5 security podcasts highlight security breaches of 2011
Among the experts are Verizon’s Wade Baker on data breaches, Microsoft’s David Ladd on software security and Catalin Cosoi of BitDefender on targeted attack prevention.
-
29 Dec 2011 Emerging 2012 security trends demand information security policy changes (SearchSecurityUK.com)
2012 security trends involving cookies, fines, devices and threats will demand more skills -- and a little finesse -- from security professionals.
Microsoft emergency update to address hash collision attacks
The out-of-band critical update addresses a hash collision weakness affecting all versions of the Microsoft .NET Framework; the same class of flaw was reported in several other web platforms and languages. A request whose parameters are crafted to hash to the same value forces the server into worst-case hash table behaviour, exhausting CPU and causing denial of service.
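The mechanism behind this class of denial of service is easy to demonstrate. The following is an added example (not code from the original article, and not the .NET implementation): it uses an unkeyed Java-style string hash as a stand-in for the deterministic hashes that were vulnerable, generates 256 distinct keys that all land in one bucket, counts the key comparisons a chained hash table performs while inserting them, and contrasts that with a hash seeded by a per-process random value, which the attacker cannot precompute collisions for. The hash functions, table size and key set are constructed for the illustration.

```python
import itertools
import secrets

MASK32 = 0xFFFFFFFF
FNV_PRIME = 0x01000193


def weak_hash(s: str) -> int:
    """Unkeyed Java-style string hash: h = 31*h + c (mod 2^32).
    Illustrative stand-in (assumption) for a deterministic, attacker-predictable hash."""
    h = 0
    for c in s:
        h = (31 * h + ord(c)) & MASK32
    return h


def keyed_hash(s: str, seed: int) -> int:
    """FNV-1a style hash whose initial state is a per-process random seed.
    Note that simply prepending a seed to weak_hash would NOT help: that hash is
    linear in the seed, so 'Aa'/'BB' still collide. Here each step XORs the byte
    and multiplies by an odd constant, a bijection on the state, so the
    colliding set below scatters unless the attacker knows the seed."""
    h = seed & MASK32
    for c in s:
        h = ((h ^ ord(c)) * FNV_PRIME) & MASK32
    return h


def colliding_keys(n_pairs: int) -> list:
    """'Aa' and 'BB' both hash to 2112 under weak_hash. Because
    weak_hash(x + y) == weak_hash(x) * 31**len(y) + weak_hash(y) (mod 2^32),
    any concatenation of equal-length colliding blocks also collides, giving
    2**n_pairs distinct keys in a single bucket."""
    return ["".join(p) for p in itertools.product(("Aa", "BB"), repeat=n_pairs)]


def insert_cost(keys, hash_fn, buckets=1024) -> int:
    """Insert distinct keys into a chained hash table and return the number of
    key comparisons performed, i.e. the work a server does while parsing
    request parameters into a dictionary."""
    table = [[] for _ in range(buckets)]
    comparisons = 0
    for k in keys:
        chain = table[hash_fn(k) % buckets]
        comparisons += len(chain)   # every existing chain entry is compared
        chain.append(k)
    return comparisons


if __name__ == "__main__":
    keys = colliding_keys(8)                       # 256 keys, one weak_hash value
    honest = ["param%d" % i for i in range(len(keys))]
    seed = secrets.randbits(32)                    # per-process, unknown to attacker
    print("distinct weak hashes for attack keys:", len({weak_hash(k) for k in keys}))
    print("comparisons, weak hash, honest keys :", insert_cost(honest, weak_hash))
    print("comparisons, weak hash, attack keys :", insert_cost(keys, weak_hash))
    print("comparisons, keyed hash, attack keys:",
          insert_cost(keys, lambda k: keyed_hash(k, seed)))
```

With 256 colliding keys the weak table does 256*255/2 = 32640 comparisons; with a few thousand parameters in one POST body the cost grows quadratically into seconds of CPU per request, which is the denial of service. Randomized (keyed) hashing is one fix; capping the number of request parameters a server will parse is the other common mitigation.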
-
28 Dec 2011 Cybersecurity career experts: Mobile app security skills hot in 2012
The increase in smartphones and other mobile devices has fueled demand for IT security pros with mobile app security and networking skills, say several cybersecurity career experts.
-
27 Dec 2011 Security intelligence firm Stratfor investigates hacktivist attack
A hacktivist group claims it stole credit card data from organizations that purchased the intelligence firm’s publications.
-
21 Dec 2011 Google Gmail doesn't meet LAPD security needs (SearchCloudComputing.com)
Worried about email security, the Los Angeles city government kills plans to move the LAPD to Gmail.
ICO stands by unpopular UK cookie legislation with advice, warnings (SearchSecurityUK.com)
Website owners have resisted compliance with cookie legislation so the ICO has issued more guidance and warnings to nudge them along.
Spear phishing attacks likely key in U.S. Chamber of Commerce breach, experts say
Spear phishing attacks traced to China were likely the entry point for the lengthy U.S. Chamber of Commerce breach, experts say.
-
20 Dec 2011 Critical Windows 7 zero-day vulnerability could lead to iFrame attacks
Danish vulnerability clearinghouse Secunia is warning of a highly critical memory corruption zero-day vulnerability that could be targeted by attackers. Proof-of-concept code has been published.
Why businesses should care about proposed Protect IP, SOPA pirating laws
Legislation is aimed at stopping piracy, but security professionals and industry groups say it could weaken security, hamper innovation and limit competition among small businesses and startups.
-
15 Dec 2011 GlobalSign hack update: Certificate authority finds no rogue certs
Following a breach to a GlobalSign Web server, an extensive investigation found no evidence of an infiltration of its digital certificate infrastructure and no leakage of its certificate keys.
-
14 Dec 2011 New Sourcefire firewall with content filtering promises more control (SearchSecurityUK.com)
Sourcefire has announced its new firewall with content filtering, which it says will let administrators control users’ activities at a business level.
Nitro attackers use Symantec report (Security Bytes blog)
Those responsible for the Nitro attacks earlier this year are targeting chemical companies with malicious emails claiming to be from Symantec.
-
13 Dec 2011 December 2011 Patch Tuesday sees 13 Microsoft bulletins, Duqu patch
Microsoft’s 13 security bulletins included critical Windows and Windows Media Player updates.
Google tosses malicious Android apps from Android Market
A developer uploaded more than a dozen cloned games, wrapping them in code that caused device owners to accrue expensive text messaging charges to premium numbers.
-
09 Dec 2011 Special report: 'Eye On' mobile security
SearchSecurity.com's news team explores the challenges and technologies enterprises must know to successfully manage mobile security.
Top 5 mobile phone security threats in 2012
Experts share their 2012 mobile security threat predictions.
-
08 Dec 2011 Android app security: Study finds mobile developers creating flawed Android apps
A study of enterprise applications designed for Android devices found over 40% of Android applications contain hard-coded cryptographic keys, a practice that weakens Android app security.
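Hard-coded keys are straightforward to find once the app is decompiled, which is exactly why they offer no protection. The following is an added example (not code from the original article or from the study it reports) that scans Java/Android source for the usual tells: hex literals of AES key length, base64 literals that decode to 16, 24 or 32 bytes, `byte[]` initializers of key length, and a `SecretKeySpec` built directly from a string literal. The sample source it scans is constructed for the illustration and is not from any real app.

```python
import base64
import binascii
import re

# Constructed Java/Android source for the scan; not taken from any real app.
SAMPLE_JAVA = """\
public class Crypto {
    private static final String KEY = "0123456789abcdef0123456789abcdef";
    private static final byte[] IV = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
    static final String API_TOKEN = "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo0NTY3ODk=";
    SecretKeySpec spec = new SecretKeySpec("hunter2hunter2!!".getBytes(), "AES");
    String label = "user_display_name";
}
"""

KEY_SIZES = {16, 24, 32}   # AES-128/192/256 key lengths in bytes
STRING_LITERAL = re.compile(r'"([^"\\]*)"')
HEX_KEY = re.compile(r'^[0-9a-fA-F]{32}$|^[0-9a-fA-F]{64}$')   # 128/256-bit as hex
BYTE_ARRAY = re.compile(r'\{\s*(0x[0-9a-fA-F]{1,2}(?:\s*,\s*0x[0-9a-fA-F]{1,2})*)\s*\}')
KEYSPEC_LITERAL = re.compile(r'SecretKeySpec\(\s*"[^"]*"\.getBytes\(')


def b64_key_length(literal: str):
    """Return the decoded length if the literal is valid base64 of a key-sized
    payload, else None. validate=True rejects strings with non-alphabet chars."""
    try:
        raw = base64.b64decode(literal, validate=True)
    except (binascii.Error, ValueError):
        return None
    return len(raw) if len(raw) in KEY_SIZES else None


def scan_source(src: str) -> list:
    """Return (line_number, description) findings for likely hard-coded key material."""
    findings = []
    for lineno, line in enumerate(src.splitlines(), start=1):
        for lit in STRING_LITERAL.findall(line):
            n = b64_key_length(lit)
            if HEX_KEY.match(lit):
                findings.append((lineno, "hex-encoded key material"))
            elif n:
                findings.append((lineno, "base64 literal decoding to %d-byte key" % n))
        m = BYTE_ARRAY.search(line)
        if m and len(m.group(1).split(",")) in KEY_SIZES:
            findings.append((lineno, "byte[] initializer of key length"))
        if KEYSPEC_LITERAL.search(line):
            findings.append((lineno, "SecretKeySpec built from string literal"))
    return findings


if __name__ == "__main__":
    for lineno, desc in scan_source(SAMPLE_JAVA):
        print("line %d: %s" % (lineno, desc))
```

A hex literal is tested before the base64 check because a 32-character hex string is also valid base64 (decoding to 24 bytes) and would otherwise be reported twice. Expect false positives on any key-sized constant; the point is triage, and the remedy is to keep keys out of the APK altogether, generating or provisioning them at runtime into the platform keystore.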
Microsoft prepares for 14 bulletins, no indication of Duqu repair
Microsoft is preparing to address 20 vulnerabilities in its December Patch Tuesday, including flaws in Internet Explorer, Windows Media Player and Microsoft Publisher.
-
07 Dec 2011 Adobe security update being issued for zero-day in Reader, Acrobat for Windows
Adobe has issued a warning about a critical zero-day vulnerability in Adobe Reader and Acrobat for Windows. An emergency security update is scheduled.
Malware, lost or stolen devices top mobile phone security threats
Malware authors are just beginning to target popular mobile platforms, and experts say enterprises need to gain control of the devices connecting to the corporate network.
Secure coding techniques absent from eight in 10 Web applications (SearchSecurityUK.com)
Veracode’s latest State of Software Security Report showed secure coding techniques are absent from most Web applications. Android apps fared badly, too.
-
06 Dec 2011 Carrier IQ spyware controversy highlights mobile app access missteps
Enterprises should educate device owners about setting application permissions and mobile application developers should add notification features to establish trust with users, experts say.
Report on UK cybercrime statistics reveals culprits and responders (SearchSecurityUK.com)
PwC’s cybercrime statistics reveal who is most likely to commit cybercrime, and who is the best choice to respond in any organisation.
Symantec launches mobile security evaluation, app assessment services (Security Bytes Blog)
Security assessment reviews an organization’s mobile security policies and technologies, evaluating the mobile security posture against a set of 15 core elements.
-
05 Dec 2011 Concerned about tablet security issues? Some are, others not so much (SearchSecurityUK.com)
Users love their tablets, but security pros are concerned about tablet security issues. However, though tablets bring new threats, not everyone is sounding the alarm.
-
02 Dec 2011 Duqu Trojan attackers cleaned their tracks well, analysis finds
Analysis of the command-and-control server network connected to the Duqu Trojan found hackers worked fast to wipe any data that could be traced to a source.
Swiss bank balances tablet security issues with performance, cost (SearchSecurityUK.com)
When a Swiss bank needed to solve its tablet security issues, it found a way to secure its devices without sacrificing performance by using virtualisation.
-
01 Dec 2011 Adobe Flex update patches flaw in Flex application development framework
A coding error in the Adobe Flex SDK could cause developers to create applications with cross-site scripting issues, according to an advisory issued by Adobe Systems.
-
30 Nov 2011 HP printer vulnerabilities leave millions of printers susceptible to attack
Researchers at Columbia University have discovered a vulnerability in HP’s LaserJet printers that could allow attackers to gain complete remote control.
HTML 5 security issues pose challenges for enterprises, experts say
HTML 5 is positioned as a replacement for Adobe Flash and handles browser data more efficiently, but its new features present holes that could be targeted by attackers.
Privacy group reports alarming data breach statistics in public sector (SearchSecurityUK.com)
Big Brother Watch reported alarming data breach statistics at local councils, which may be just the tip of the iceberg.
-
29 Nov 2011 New Facebook worm poses as a screensaver
Like previous Facebook worms, the new malware uses stolen credentials to log into accounts and spam contacts.
-
28 Nov 2011 Government publishes UK Cyber Security Strategy to protect public (SearchSecurityUK.com)
The government’s UK cyber security strategy includes a new crime unit, more certifications, increased public education, and the creation of kitemarks.
Twitter acquires WhisperSystems mobile security technology
Twitter acquired WhisperSystems, a firm that makes mobile encryption and firewall technology for Android devices.
-
23 Nov 2011 Mobile device management market offers mobile device security options
The mobile device management market offers options for mobile device security challenges, but there's no clear consensus on how to choose a product.
-
22 Nov 2011 Cloud computing risk management: Assessing key risks of cloud computing (SearchCloudSecurity.com)
This guide discusses cloud computing risk management: how to prepare for cloud outages, conduct a cloud risk assessment, and evaluate cloud providers.
-
18 Nov 2011 CSA Congress roundup: Cloud SLAs, compliance and 7 dirty words (SearchCloudSecurity.com)
Topics highlight an array of cloud security challenges.
-
17 Nov 2011 ISC issues temporary patch for zero-day BIND 9 DNS server flaw
A temporary patch has been released for BIND 9 DNS servers, mitigating a zero-day vulnerability causing server crashes. It's unclear if exploits are in the wild.
Tougher data protection rules will push up cost of email marketing (SearchSecurityUK.com)
The EU will announce tougher rules for collecting information from consumers. Security pros can plan now for the new rules, expected in January 2012.
Updated CSA guidance offers tips, advice on cloud-based security (SearchCloudSecurity.com)
Updated CSA guidance offers practical tips and advice on cloud-based security.
-
16 Nov 2011 Cloud security among PCI Council 2012 special interest groups (Security Bytes Blog)
The PCI Security Standards Council delineated a scope of special interest groups, known as SIGs, in order to help prioritize next year’s areas of focus.
Coviello talks about building a trusted cloud, resilient security (SearchCloudSecurity.com)
Security needs to change in order to defend against targeted attacks, RSA chairman says.
London firm offers fixed-price cloud DDoS protection (SearchSecurityUK.com)
One company has launched a fixed-price cloud DDoS-protection service for mitigating the ever-present threat of DDoS attacks.
New malware signed with government digital certificate
New malware that is signed with a valid digital certificate once belonging to the Malaysian government has been discovered by researchers at F-Secure.
-
15 Nov 2011 Confusion over APT attacks leads to misguided security effort
Enterprises swayed by vendor marketing and a lack of understanding still fail to adequately counter advanced persistent threats (APT).
Podcast: Inside the DNS Changer botnet takedown (Security Wire Weekly podcast)
Security Wire Weekly podcast: Trend Micro Advanced Threats Researcher Paul Ferguson discusses how the DNS Changer botnet takedown happened and why an even more dangerous botnet era may be beginning.
-
14 Nov 2011 Without enforcement, a mobile device security policy alone falls short
Experts say an enterprise mobile device security policy alone will fall short without the technology to enforce it.
Security Management Strategies for the CIO