
Articles
Top-of-mind IT security problems are bad enough. Finding the right sources of information to help rectify them can be tougher.
So to make the busy IT security executive's job easier, we plan to aggregate all our feature and news articles, white papers, webinars, podcasts and more into SC Portals. By conveniently dividing our editorial into today's most pressing IT security-related matters, you can quickly peruse up-to-date news and in-depth features that include the latest discussions and controversies, as well as hear from the industry's thought leaders.
A jumble of acronyms that stand for an overwhelming number of federal mandates have marched right to the fronts of most leading security professionals' minds. SOX, GLBA, HIPAA and FISMA are requiring CSOs and their companies to meet various and sundry security requirements that sometimes mirror one another and sometimes don't. Auditors looking to check off a box want to make sure these are met.
On top of Sarbanes-Oxley demands for publicly-traded companies (SOX), Gramm-Leach-Bliley Act requirements for financial organizations (GLBA), and the Health Insurance Portability and Accountability Act mandates and Federal Information for healthcare organizations (HIPAA), other legislation is looming large. Industry experts foresee the approval of a federal identity theft bill akin to California's SB1386 as inevitable. Just what IT security standards such a law will require companies to adhere to is still questionable.
Taking a holistic approach to the security requirements put forth in both federal and state legislation is key to avoiding duplication of effort and to building strong security plans. Failing this, organizations and their corporate leaders could expose themselves to failed audits, large fines, loss of investor/customer confidence, compromised data or even jail time. Too much is at risk not to seek out insight from experts and the latest news here.
Top Article
by 08/23/05
Since early spring the media has reported, on an almost weekly basis, significant breaches of sensitive personal information involving financial information such as credit card and social security numbers. Millions have been affected, prompting concern by consumers -- and Congress. Several committees in Congress have held hearings and drafted legislation over the past several months. While many of the bills are bipartisan in nature, all are drawn along committee jurisdictional lines. Senate bill S-1408, proposed by Senators Gordon Smith (R) and Bill Nelson (D), which was marked up by the Senate Commerce, Science and Transportation Committee before the August recess, is the most advanced bill. Reconciliation of all of the proposed bills will take some time; however, a survey of the legislation yields some common areas of agreement and disagreement.
more on Compliance
Additional Portals
Updating and securing servers, desktops and other infrastructure components can be arduous and time-consuming. Therefore, tools and services that help companies experience less pain in this process are welcome.
It is common knowledge that virtually all software has bugs. As it becomes more complex, so does the coding behind it. Holes inevitably will be introduced. However, there are solutions to help companies keep operating systems and networking equipment from the likes of Microsoft and Linux to Cisco and Oracle up to date with the latest patches.
Testing, installing or even ignoring an update irrelevant to your system are all steps to consider when developing and implementing a patch management process. An unending process, implementing a strong patching process may seem an uphill battle but it is within a corporation's capabilities with the right tools and advice.
more on Patch Management
In the name of increased productivity, employees working from home and the road are everywhere. It is commonplace for organizations to depend on remote- and home-workers to address business needs. This, however, means a need for tightly controlled access to business applications and the requirement for secure endpoint devices in the hands of remote employees.
After all, the unsecured PC could become the ideal conduit for a virus to breach a corporate network. Or a thief could steal confidential data through an unsecured VPN connection. Then there are wireless LAN vulnerabilities and the threat of mobile device theft.
From SSL/IPsec VPNs, two-factor authentication devices or data encryption to policy-enforcement systems and Wi-Fi Protected Access schemes, there is a bevy of options available to protect the road warrior and the remote worker.
more on Mobile/Endpoint Security
Organizations of all sizes have come to rely on email as a main form of communication with colleagues in their headquarters and international offices, business partners, clients and others. While email has long proven its many advantages, it also has its downsides.
Plagued by spam, malicious code, phishing scams, directory harvest DoS attacks and more, email systems require much oversight. Added to these cyber crime threats are the legal issues that can arise from email misuse. Beyond a company finding itself in a serious liability situation if an employee sends out offensive email, there have been other combo threats that have cropped up. For example, recently there have been incidents where disgruntled individuals have established free web email accounts in others' names and then have sent out offensive or even threatening notes to the victims' associates.
Getting a handle on all the problems associated with email usage is daunting but not impossible. Find the latest insight, advice and news about email security issues here.
more on Email Security