Spam. We’ve all seen enough of it. But just as familiarity has bred contempt (and stopped most email users responding to it), spammers have come up with a new technique to snare the unwary and get around corporate security measures.
The lifespan of notebook PCs, PDAs and smartphones is falling as the pace of technology marches ever onwards. But for every new mobile device purchased by organisations of all sizes there is usually a piece of legacy hardware that gets sold, passed on to a colleague, friend or relative, or simply thrown away in the…
Many IT executives today are tasked with finding a way to understand their organization’s true security posture, as they must prove that “due care” is being taken to secure their networks. The pressure to prove true security levels comes from business partners, company executives, industry regulations, and maintaining company reputation.
In the classic war movie The Dirty Dozen, Lee Marvin’s maverick major must make a crack fighting unit from an unruly squad of prisoners, then launch an all-out assault behind enemy lines. It’s a near-impossible assignment.
As with many other business analysis issues, there are three sides to the story when looking at Web application security testing: yours, the findings of your vulnerability assessment, and the truth. Whether you’re using a commercial or open source scanner, you’re undoubtedly going to glean a lot of information and come across vulnerabilities.
Federal and state government regulations can be a big problem for today’s organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data from information security breaches.…
During the past couple of years, Network Behavior Analysis (NBA) has made its way into the security mainstream. Many companies have found NBA’s flow-based approach to be more effective, easier to manage and less expensive than traditional, perimeter-based security solutions, such as firewalls, antivirus and intrusion detection/prevention systems (IDS/IPS). Recently, NBA capabilities have been expanded…
Penetration Testing is the final word in proving that technical compliance and good security practices are in place – or so it should be. But how do you know if you’re getting a good service or not? What if the consultant performing the test is inexperienced? What is the impact on quality if the consultant…
The explosion of passwords in today’s enterprise has created a sea of holes in the security infrastructure. Some CIOs have responded to the challenge by bringing in the lifeboats, figuratively speaking, but in many cases the password-related security risk remains largely unchecked and even ignored.
Securing information assets has become a highly complex function demanding significant investment in process definition, security expertise, systems, and infrastructure. Compounding these challenges, it requires internal alignment between the various business units, IT organization and security teams to ensure the tensions between availability and security are well balanced. Security is also a 24×7 function, as…