April 2006

• April 28, 2006 28 Apr'06

  How to create and enforce employee termination procedures

  In this Ask the Expert Q&A, Shon Harris, our security management expert, reviews how the the security group, HR and management should work together to define and enforce employee termination policies, and reviews what should be done during each ...  Continue Reading

• April 28, 2006 28 Apr'06

  Fraud risk assessment methodologies

  In this Ask the Expert Q&A, our security management expert provides our member with a series of fraud risk assessment factors to address before a policy is created.  Continue Reading

• April 27, 2006 27 Apr'06

  Gap analysis procedures

  In this Ask the Expert Q&A, Shon Harris, SearchSecurity's security management expert advises what should be done before a gap analysis is performed, and, provides six common steps of a gap analysis, so organizations will know what to expect before ...  Continue Reading

• April 27, 2006 27 Apr'06

  How can I open a closed port so my application can access the Internet?

  In this network security Ask the Expert Q&A, Mike Chapple, our resident expert, reveals what should be done if you need to re-open a closed port to allow an application to work.  Continue Reading

• April 27, 2006 27 Apr'06

  Regulatory Compliance and ISO 27001

  In this excerpt from Chapter 10 of "The Case for ISO 27001," author Alan Calder explains how using ISO 27001 can help information security professionals deal with the challenges of complying with complex and overlapping regulatory requirements.  Continue Reading

• April 27, 2006 27 Apr'06

  NetChk Protect 5.5

  Information Security magazine's contributing editor, Wayne Rash , reviews Shavlik Technologies NetChk Protect 5.5  Continue Reading

• April 26, 2006 26 Apr'06

  To executives, intrusion defense is a hard sell

  Security administrators say intrusion defense frustrates them not only because executives are reluctant to buy in, but also because even the top products have a long way to go.  Continue Reading

• April 25, 2006 25 Apr'06

  Employee termination procedures

   Continue Reading

• April 20, 2006 20 Apr'06

  What is the best method to determine whether email messages are transmitted as clear text?

  In this application security Ask the Expert Q&A, Michael Cobb disccuses how to use a network analyzer tool to determine whether email exchanges are transmitted as clear text.  Continue Reading

• April 20, 2006 20 Apr'06

  How can I determine whether a database is hosted on a secure platform?

  Learn what critical issues need to be addressed when determining if a database is hosted on a secure platform.  Continue Reading

• April 20, 2006 20 Apr'06

  Is there a way to identify a spoofed user ID?

  In this application security Ask the Expert Q&A, Michael Cobb explains how an organization can identify the employee who has used a spoofed user ID to intercept email exchanges.  Continue Reading

• April 18, 2006 18 Apr'06

  Compliance Q&A: Myths, mistakes and management advice

  Keeping organizations continuously compliant with multiple complex and ever-changing regulatory requirements remains a challenge for many infosec pros. But if they don't shape up now, it's only going to get worse. In this interview, Rebecca Herold, ...  Continue Reading

• April 17, 2006 17 Apr'06

  The Practical Guide to Assuring Compliance: Identifying Risks to Executives

  In this excerpt from "The Practical Guide to Compliance and Security Risks," author Rebecca Herold outlines the risks executives are often in the dark about and the importance of creating a security management oversight council.  Continue Reading

• April 14, 2006 14 Apr'06

  Security Blog Log: Man of God, man of ID theft

  This week in the blogosphere: new government data on the scope of ID theft and the tale of how a pastor and his wife were charged with the crime.  Continue Reading

• April 14, 2006 14 Apr'06

  The choice is clear for this privacy officer: ChoicePoint's Carol DiBattiste

  How do you prove to the public you're trustworthy when your company's forever linked with a massive data breach?  Continue Reading

• April 14, 2006 14 Apr'06

  Cleaning up after a data attack: CardSystems' Joe Christensen

  The credit card processor's new vice president of security and compliance is convinced he can restore the company's reputation after it made the evening news.  Continue Reading

• April 14, 2006 14 Apr'06

  Dealing with an inside job: Georgia Technology Authority's Mark Reardon

  The organization's director of security grappled with the fine mess done by one of its own. Part of the Security All-Star Survivor series.  Continue Reading

• April 14, 2006 14 Apr'06

  Surviving a data disaster: Lexis-Nexis' Leo Cronin

  Read how the information security officer for the data broker handled the headlines after last year's major data breach and then decide if he deserves your vote as Top Survivor.  Continue Reading

• April 13, 2006 13 Apr'06

  Management Support

  In the excerpt from Chapter 2 of "Nine Steps to ISO 27001 Success: An Implementation Overview," author Alan Calder explains the first key to ISO 27001 success and what it takes to set up for success.  Continue Reading

• April 13, 2006 13 Apr'06

  HTTP attacks: Strategies for prevention

  Examine how hackers manipulate HTTP requests to solicit an attack, and learn various guidelines developers should follow to mitigate this threat.  Continue Reading