Category Archives: Articles

Image Spam: Getting the Picture?

Spam. We’ve all seen enough of it. But just as familiarity has bred contempt (and stopped most email users responding to it), spammers have come up with a new technique to snare the unwary and get around corporate security measures.

How to safely dispose of old mobile devices

The lifespan of notebook PCs, PDAs and smartphones is falling as the pace of technology marches ever onwards. But for every new mobile device purchased by organisations of all sizes there is usually a piece of legacy hardware that gets sold, passed on to a colleague, friend or relative, or simply thrown away in the…

The Dirty Dozen: Killing False Positives

In the classic war movie The Dirty Dozen, Lee Marvin’s maverick major must make a crack fighting unit from an unruly squad of prisoners, then launch an all-out assault behind enemy lines. It’s a near-impossible assignment.

What’s Important in Web Application Security Testing

As with many other business analysis issues, there are three sides to the story when looking at Web application security testing: yours, the findings of your vulnerability assessment, and the truth. Whether you’re using a commercial or open source scanner, you’re undoubtedly going to glean a lot of information and come across vulnerabilities.

Managing Compliance in a Multi-Regulatory World

Federal and state government regulations can be a big problem for today’s organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data from information security breaches.…

Magnifying the Value of ID Management Technology

During the past couple of years, Network Behavior Analysis (NBA) has made its way into the security mainstream. Many companies have found NBA’s flow-based approach to be more effective, easier to manage and less expensive than traditional, perimeter-based security solutions, such as firewalls, antivirus and intrusion detection/prevention systems (IDS/IPS). Recently, NBA capabilities have been expanded…

Avoid Wasting Money on Penetration Testing

Penetration Testing is the final word in proving that technical compliance and good security practices are in place – or so it should be. But how do you know if you’re getting a good service or not? What if the consultant performing the test is inexperienced? What is the impact on quality if the consultant…

Password Malpractice: Are You Guilty?

The explosion of passwords in today’s enterprise has created a sea of holes in the security infrastructure. Some CIOs have responded to the challenge by bringing in the lifeboats, figuratively speaking, but in many cases the password-related security risk remains largely unchecked and even ignored.

Ensuring a Successful Partnership with Your MSSP

Securing information assets has become a highly complex function demanding significant investment in process definition, security expertise, systems, and infrastructure. Compounding these challenges, it requires internal alignment between the various business units, IT organization and security teams to ensure the tensions between availability and security are well balanced. Security is also a 24×7 function, as…