Information Security Policies Procedures and Guidelines

  • November 01, 2007 01 Nov'07

    Cisco snaps up Securent

    Cisco Systems on Thursday said it agreed to buy security software maker Securent for about $100 million. Cisco described Securent's policy management software as allowing enterprises to administer, ...

  • October 29, 2007 29 Oct'07

    TJX court documents confirm earlier suspicions

    I'm not surprised by court documents claiming that TJX blew it on nine of the 12 requirements of the PCI Data Security Standard (PCI DSS), which of course allowed hackers to break into its network ...

  • October 26, 2007 26 Oct'07

    Windows admins unhappy over Automatic Update changes

    A couple weeks back, Windows expert Scott Dunn warned that the repair feature in Windows XP was knocked out of alignment when Microsoft silently deployed a batch of new support files for Windows ...

  • October 24, 2007 24 Oct'07

    Why data thieves love academia

    Check out the excellent chronology of data breaches kept by the Privacy Rights Clearinghouse and you'll notice that a massive chunk of those affected reside in academia. At a gathering of IT ...

  • October 19, 2007 19 Oct'07

    More Storms on the horizon

    The news on the Storm worm just keeps getting worse. In just the last few days, there have come reports that the worm's author (or other criminals who have bought copies of the worm) is using to ...

  • October 16, 2007 16 Oct'07

    Schwarzenegger strikes a blow for the big guy

    Like many other things in life, the legislative process often mystifies me. But the one thing that is clear is that the outsized influence of special interest groups and lobbying organizations has ...

  • October 16, 2007 16 Oct'07

    ‘Tens of thousands’ of user accounts exposed

    Mikko Hypponen, director of antivirus research at F-Secure Corp., has a sobering blog posting this morning about an unknown group that publicly posted information about tens of thousands of user ...

  • October 10, 2007 10 Oct'07

    VeriSign in dispute over news content

    VeriSign is in hot water over a dispute with the Associated Press over the use of AP content by its Moreover Technologies news aggregation service. The AP filed the lawsuit in U.S. District Court ...

  • October 05, 2007 05 Oct'07

    More IDs compromised: 450,000 in the Bay State

    Another day, another batch of identities exposed. This time, the bad news comes from Massachusetts, where the state's Division of Professional Licensure (DPL) mailed off 28 computer disks with ...

  • October 03, 2007 03 Oct'07

    TJX seeks experienced IT security manager

    Here's some actual proof that TJX is trying to do something about the security holes that allowed hackers to repeatedly access its network and steal data on some 45 million customers: A job posting ...

  • October 03, 2007 03 Oct'07

    Rain Forest Puppy is back, and he’s been busy

    The topic of how the shift to Web-based applications affects the work that security researchers do has been coming up quite a bit lately, and it's an interesting discussion to have. I wrote a ...

  • October 02, 2007 02 Oct'07

    Sophos to use Shavlik in its NAC offering

    Shavlik Technologies announced Tuesday that UK-based security vendor Sophos will begin delivering Shavlik’s patch management technology as part of Sophos’ NAC Advanced product for controlling ...

  • October 01, 2007 01 Oct'07

    Cenzic and HP settle Web app security patent dispute

    HP has reached an agreement with application security provider Cenzic to cross-license some patents that were at the center of a pair of lawsuits that SPI Dynamics (now part of HP) filed against ...

  • September 27, 2007 27 Sep'07

    A rough week for Google security

    Google's security reputation has been taking a beating in the blogosphere this week, with researchers spotlighting new flaws in the search giant's popular tools. Software developer Giorgio Maone ...

  • September 27, 2007 27 Sep'07

    The case for identity-enabled devices

    I wanted to highlight an article that debuted on the site this week that was written by Joel Dubin, which makes the case for identity-enabled network devices. On one hand, as Joel writes, the ...