Latest IT Security News

FINRA advises brokers to bulk up security

January 27, 2012

The self-regulating authority of Wall Street is warning securities firms about a rise in customers' email accounts being hacked to deliver bogus funds transfer requests.
 

Univ. of Hawaii settles with 98,000 over five breaches

January 27, 2012

The largest class-action settlement in Hawaii's history is related to data breaches at University of Hawaii campuses.
 

Study: BlackHole appears, Conficker remains

January 26, 2012

Eighty-five percent of all malware is web-based, and some 30,000 websites are newly infected with malicious code each day, according to Sophos' "Security Threat Report 2012."
 

Google privacy policy changes raise concerns

January 26, 2012

A new blueprint by which Google will share user information across its offerings, similar to how Facebook does, is geared to enhance the experience, but critics fear the move is a privacy quagmire.
 

Symantec admits stolen source code impacts pcAnywhere

January 25, 2012

Big Yellow has done an about-face in light of new analysis that confirms users of its pcAnywhere software may be at risk to attack due to the disclosure of source code.
 

Highlights from the January issue

The new wave: Modern security education

The new wave: Modern security education

Sometimes a little bit of competition is what it takes to get students on the path to careers in security. Software engineer Alex Levinson, who won the U.S. Cyber Challenge, was one of those people.
SC Magazine survey: Guarding against a data breach

SC Magazine survey: Guarding against a data breach

Security conversations are as audible as ever, yet budgets remain largely flat. However, an expected influx of compliance audits may serve as the driver for more dollars. We polled 488 pros for their thoughts.
Hard target: The APT scenario

Hard target: The APT scenario

Stealthy, targeted attacks are real -- as evidenced by operations such as Shady RAT and Stuxnet -- and there isn't a one-size-fits-all remedy to deal with them.
Bumper crop: Cyber security legislation

Bumper crop: Cyber security legislation

Data security measures have a long, storied history of meeting their demise on Capitol Hill. But two proposals have the bipartisan support that give them at least a shot at passage in 2012.

Latest Opinions

The five new laws of anti-malware

Zulfikar Ramzan, chief scientist, Sourcefire • January 23, 2012

Today, the best overall security solution includes technologies that can help you quickly respond to an inevitable attack.
 

Make the first 24 hours of data breach resolution count

Ozzie Fonseca, senior director, Experian Data Breach Resolution January 19, 2012

If your company doesn't have a response plan, the unending spate of recent breaches is surely motivation enough to create one.
 

The next remote access challenge: Seamless VPN roaming

Patrick Oliver Graf, general manager, NCP engineering • January 19, 2012

In today's mobile world, it's not uncommon to be faced with a multitude of connection types on any given day.
 

APTs in critical infrastructure organizations

Dave Amsler, President and CIO, Foreground Security January 18, 2012

Many managers of utilities companies don't understand or appreciate the value of IT security...at their, the facilities' and the community's peril.
 

Enterprise app stores can reduce mobile security threat

Liam Lahey, online community manager, Partnerpedia January 17, 2012

With BYOD, there's a confluence of people bringing in potential dangers from the outside that in turn presents a new class of security concerns that businesses haven't had to consider before.
 

Social Networking: A "Spotlight" edition

We never disconnect from social media. Not only do we count on these channels to communicate with friends and interesting people, but we also rely on them to reach customers, collaborate with co-workers, and generate new revenue streams. Thus, blocking access to sites such as Facebook and Twitter is quickly becoming taboo.

But given the sheer amount of and ease by which personal information can be shared on these sites present a major enterprise risk. SC Magazine's newest installment of our special "Spotlight" editions will help you, the security professional, hone in on the insider and external threats presented by social networking so you can protect your organization's crown jewels: its data. We hope you enjoy.

Download the PDF now

SC Congress New York 2011

Highlights from the fourth-annual showcase

Latest Product Reviews

SecureAuth Identity Enforcement Platform

This product leverages an already existing Microsoft Active Directory or LDAP (lightweight directory access protocol) structure to add multifactor authentication to a host of services and applications.
 

Deepnet Security DualShield v5.2

DualShield v5.2 from Deepnet Security is a unified authentication platform, using the versatile authentication server model.
 

SC In Focus

Sponsored videos with IT security experts at HP Protect 2011


Join us on Facebook!

Follow us on Twitter! 

Extra, extra...Read all about it

In this special Spotlight edition, we're taking on the mobile security challenge. It is one problem that most of our readers bring up to us time and again. To safeguard mobile devices used by business executives, the data stored on them and the connectivity to corporate networks they enable is a constant trial - one that is infrequently satisfactorily remedied. This is leaving many security pros comparing themselves to Sisyphus rolling a giant boulder up a steep hill over and over. The difference: mobile security troubles only grow heavier. Not only are smartphones, tablets and other devices now ubiquitous, they're often brought from home.

So, just how are companies supposed to secure these things - some private, some corporate-issued? How can such a heterogeneous environment be centrally managed and safeguarded? What about all those applications end-users keep downloading? What about the data they want to download on them? Any legal ramifications? How does the company stay compliant?  The questions never end, so we thought it'd be helpful to slow down for a moment to thoroughly examine these more confounding mobile security concerns in this "Spotlight" edition. After you flip through its pages, let us know if you found what you needed. Text us or something...

Download it now!


The cloud: An SC Magazine special edition

The third "Spotlight" edition of SC Magazine provides an in-depth analysis on securing data in the cloud and the effect this is having on enterprise security. There's no doubt that cloud services offer reduced cost, scalability, flexibility, mobility and more. However, the lower total cost of ownership the cloud offers is quickly negated when critical business data is exposed or stolen because data there proved easy pickings to persistent cybercriminals.

This "Spotlight" edition offers a look at cloud concerns faced in the enterprise today - gathering intelligence from experts in the field, the latest reports and thorough investigation.

Download it now!



Podcasts

Podcast: Security awareness training and rewarding good behavior

January 26, 2012

Awareness training is finally becoming more about security and less about compliance, as SANS instructor Lance Spitzner discusses in this SC Magazine Podcast episode.
 

The Breach Blog

Some 2M possibly affected by NYSEG, RG&E data compromise

January 25, 2012

Unauthorized individuals gained access to the personal data belonging to customers of New York State Electric & Gas (NYSEG) and Rochester Gas & Electric (RG&E), which are owned by Iberdrola USA.
 

The 2012 SC Awards Finalist Blog

A closer look at two of today's top security threats

Matt Ulery, director, product manager, NetIQ • January 26, 2012

Hackers and computer criminals have shown an ongoing ability to stay one step ahead of the security professional, but there are strategies and tools to help thwart their efforts.
 

Solving the hardest problems in enterprise data security

Jim Ricotta, CEO, Verdasys • January 23, 2012

Companies targeted by APT will need to upgrade their defenses strategy to include multiple, integrated layers of extremely sensitive anomaly detection and mitigation.
 

SC Magazine 2012 editorial calendar

Here's some of our exciting story plans for the new year.

Click here to download the PDF.

Featured Slideshows

Innovators 2011 Slideshow

Innovators

Every year at this time, we roll up our sleeves and start digging for those companies that have the vision, imagination and creative management to become the leaders in our industry through their innovation. These Innovators are a harbinger of what we can expect from the future. So, hang on… it’s gonna be quite a ride!
 

The News Team Blog

The government has it wrong on Anonymous and critical infrastructure

October 19, 2011

When it comes to stopping individuals who want to compromise industrial control systems, the Anonymous group is certainly not Enemy No. 1.
 

Finalist Announcement

 

The finalists have been announced! Check here to see which contenders made the short list.

Me and my job

CSOs: We'd like to profile one of your IT team members

Each month, we print a Q&A in our magazine called "Me and My Job," querying an IT security specialist "in the trenches" at an end-user company about their career. And we need your suggestions.

Might there be someone who works under you who would be a worthy participant? This section gives you an opportunity to call out one of your star team members, whose picture and responses would appear in SC Magazine.

Click here for more information.

 Subscribe to the RSS for this page  [view all our RSS feeds here]