November 2009

• November 30, 2009 30 Nov'09

  PCI DSS questions: Should full credit card numbers be on a receipt?

  Are merchants that fall under PCI DSS allowed to print full credit card numbers on a receipt? Learn more in this response from security management expert David Mortman.  Continue Reading

• November 30, 2009 30 Nov'09

  How to find and remove keyloggers and prevent spyware installation

  Keep keyloggers from stealing your users' passwords by learning how to find and remove keyloggers, as well as how to prevent spyware installation in the first place, from IAM expert Randall Gamby.  Continue Reading

• November 30, 2009 30 Nov'09

  IBM to acquire database security firm Guardium

  Deal reportedly worth $225 million.  Continue Reading

• November 29, 2009 29 Nov'09

  What patch management metrics does Project Quant use?

  In this Q&A, expert Michael Cobb reviews the open patch management metrics model called Project Quant.  Continue Reading

• November 29, 2009 29 Nov'09

  How do hackers bypass a code signing procedure to inject malware

  In this expert Q&A, Michael Cobb reveals how malicious applications can actually be approved by Symbian's Express Signing procedure.  Continue Reading

• November 29, 2009 29 Nov'09

  How to secure a .pdf file

  In this expert Q&A, Michael Cobb explains how to avoid malicious content that is embedded into .pdf documents.  Continue Reading

• November 27, 2009 27 Nov'09

  Top spammer gets four years in jail for stock fraud scheme

  Alan Ralsky, the self-proclaimed "Godfather of Spam," was jailed for his role in a stock fraud spam scheme.  Continue Reading

• November 27, 2009 27 Nov'09

  Health Net breach failure of security policy, technology

  Investigators should question why an external hard drive contained seven years of data, but IT security should have had the appropriate security policies and technologies in place to enforce them.  Continue Reading

• November 25, 2009 25 Nov'09

  Schneier on the hidden cost of poor security

  Sales for certain specialized services depend highly on reputation and trust. Specialized services depend highly on trust and reputation says security guru Bruce Schneier who recently reposted a ...  Continue Reading

• November 24, 2009 24 Nov'09

  onboarding and offboarding

  In identity management, onboarding is the addition of a new employee to an organization's identity and access management (IAM) system. The term is also used if an employee changes roles within the organization and is granted new or expanded access ...  Continue Reading

• November 24, 2009 24 Nov'09

  Cost of security, IT management add up at healthcare facilities, study finds

  Digitalizing healthcare records and new health systems fail to cut costs, according to new research from Harvard University. Security and other management costs add up.  Continue Reading

• November 24, 2009 24 Nov'09

  Screencast: Find rogue wireless access points with Vistumbler

  Peter Giannoulis of TheAcademyHome.com and TheAcademyPro.com explains how to use the basic features of the free Vistumbler tool.  Continue Reading

• November 23, 2009 23 Nov'09

  New Zeus spam poses as Social Security statements

  Trojan steals banking credentials at small and midsize businesses. The Zeus Trojan continues to find new ways to trick users.  Recent spam campaigns trying to spread the malware have pretended to ...  Continue Reading

• November 23, 2009 23 Nov'09

  Quiz: Compliance-driven role management

  Use this five-question quiz to test your knowledge of role and entitlement management.  Continue Reading

• November 23, 2009 23 Nov'09

  PCI DSS compliance help: Using frameworks, technology to aid efforts

  This mini-guide offers a variety of tips and information on how organizations can use several frameworks, technologies and standards, such as tokenization, ISO 27002, Secure Hashing Algorithm and other existing controls to help manage PCI DSS ...  Continue Reading

• November 23, 2009 23 Nov'09

  Exploit code targets Internet Explorer zero-day display flaw

  Exploit code is publically available targeting an Internet Explorer cascading style sheet (CSS) handling error, according to Symantec.  Continue Reading

• November 22, 2009 22 Nov'09

  How to protect distributed information flows

  In a book excerpt from "The Shortcut Guide to Prioritizing Security Spending," author Dan Sullivan explains how to get a handle on enterprise data that may be moving around the globe.  Continue Reading

• November 20, 2009 20 Nov'09

  Identity lifecycle management for security and compliance

  Enterprise identities and their associated roles need to be provisioned for access to a variety of services and systems around the organization. In many cases, the entitlements provided to these various entities have a significant effect on ...  Continue Reading

• November 19, 2009 19 Nov'09

  Hackers to sharpen malware, malicious software in 2010

  Symantec researchers predict an increase in attacks using social network architectures, third-party applications and URL shortening services.  Continue Reading

• November 19, 2009 19 Nov'09

  Quiz: How to build secure applications

  Use this five-question quiz to test your knowledge of how to secure your enterprise apps.  Continue Reading