Archive

Archive for the ‘Articles’ Category

Image Spam: Getting the Picture?

April 5th, 2007

Spam. We’ve all seen enough of it. But just as familiarity has bred contempt (and stopped most email users responding to it), spammers have come up with a new technique to snare the unwary and get around corporate security measures.

Articles

How to safely dispose of old mobile devices

March 26th, 2007

The lifespan of notebook PCs, PDAs and smartphones is falling as the pace of technology marches ever onwards. But for every new mobile device purchased by organisations of all sizes there is usually a piece of legacy hardware that gets sold, passed on to a colleague, friend or relative, or simply thrown away in the office rubbish. The hardware may be obsolete, but what about the software and data contained on the mobile device?

Overseeing Your Organization’s Security Posture with Active Vulnerability Management

March 26th, 2007

Many IT executives today are tasked with finding a way to understand their organization’s true security posture, as they must prove that “due care” is being taken to secure their networks. The pressure to prove true security levels comes from business partners, company executives, industry regulations, and maintaining company reputation.

The Dirty Dozen: Killing False Positives

March 9th, 2007

In the classic war movie The Dirty Dozen, Lee Marvin’s maverick major must make a crack fighting unit from an unruly squad of prisoners, then launch an all-out assault behind enemy lines. It’s a near-impossible assignment.

What’s Important in Web Application Security Testing

March 8th, 2007

As with many other business analysis issues, there are three sides to the story when looking at Web application security testing: yours, the findings of your vulnerability assessment, and the truth. Whether you’re using a commercial or open source scanner, you’re undoubtedly going to glean a lot of information and come across vulnerabilities.

Managing Compliance in a Multi-Regulatory World

March 5th, 2007

Federal and state government regulations can be a big problem for today’s organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data from information security breaches. So, what are the consequences if your organization fails to comply? Heavy fines and legal action. In short, it’s serious.

Magnifying the Value of ID Management Technology

February 28th, 2007

During the past couple of years, Network Behavior Analysis (NBA) has made its way into the security mainstream. Many companies have found NBA’s flow-based approach to be more effective, easier to manage and less expensive than traditional, perimeter-based security solutions, such as firewalls, antivirus and intrusion detection/prevention systems (IDS/IPS). Recently, NBA capabilities have been expanded to offer network optimization and identity tracking solutions, which add value to both the original NBA solution and existing ID management tools.

Avoid Wasting Money on Penetration Testing

February 20th, 2007

Penetration Testing is the final word in proving that technical compliance and good security practices are in place – or so it should be. But how do you know if you’re getting a good service or not? What if the consultant performing the test is inexperienced? What is the impact on quality if the consultant is overworked? What if the consultant is an expert ‘hacker’, but terrible at report writing?

Password Malpractice: Are You Guilty?

February 19th, 2007

The explosion of passwords in today’s enterprise has created a sea of holes in the security infrastructure. Some CIOs have responded to the challenge by bringing in the lifeboats, figuratively speaking, but in many cases the password-related security risk remains largely unchecked and even ignored.

Ensuring a Successful Partnership with Your MSSP

February 16th, 2007

Securing information assets has become a highly complex function demanding significant investment in process definition, security expertise, systems, and infrastructure. Compounding these challenges, it requires internal alignment between the various business units, IT organization and security teams to ensure the tensions between availability and security are well balanced. Security is also a 24×7 function, as threats can emerge at any time.