While IPv6, the latest internet protocol, has been an approved standard for more than a decade, and internet experts have been warning about the sharp decrease in available IPv4 addresses, it languishes as an unappreciated and under-used protocol - a solution waiting for the problem to be acknowledged. The move to IPv6 will alleviate some network management issues and it will enable IP addresses to be assigned automatically to any new device with virtually no fear of duplicating that address. Yet, owing to the lack of dire consequences and the potential high cost of migration, many companies are sitting tight on their legacy network infrastructure.

Negotiating the minefield that is governance, risk and compliance (GRC) can be a daunting task for corporate, financial and IT executives alike. With companies facing significantly greater risks due to government and private industry compliance regulations that vary from country to country, combined with significantly increased litigation, most managers are searching for new ways to decrease their risk profile while continuing to scale back on costs and personnel. While software can help, it needs to understand the overall business goals and environment in order to judge risk appropriately.

If ever there was any doubt whether the security industry had found a way to stop cyberespionage, the activities of the past few months should put that to rest. Hactivist groups Anonymous and LulzSec have made it clear that no computer network, not even those of security companies, are immune from penetration. Enhanced spam-filtering technology and increased user awareness are critical in combatting cyber offenses, but companies must assume their systems are already breached and should therefore analyze their network for inappropriate activity. Perhaps today's top challenge facing senior IT personnel is to get the C-suite to sign off on implementing a 24/7 security system before the enterprise suffers a breach.

For many companies that process credit cards or retail customers' credit card data, the requirements of the Payment Card Industry Data Security Standard (PCI DSS) are all too familiar. But should companies that do not process credit cards implement the same data security restrictions as mandated for those that do? In this latest ebook from SC Magazine, we examine how even those companies not needing to adhere to the credit card guidance can benefit from the rules that PCI DSS lays out. Encryption and logging technologies are a boon to any company in need of protecting its internal or customer data. And some smaller companies are benefitting from promoting their businesses as PCI compliant.

Knowing what is going on so you can figure out what to do is one of the biggest challenges facing the enterprise today. Without situational awareness, investigations would require looking into a number of systems and collating incomplete information to get the bigger picture. For many IT administrators, the ability to monitor bandwidth, firewall use and VPN sessions has been simplified with the use of a security information and event management (SIEM) platform. The increasing flexibility of SIEM tools is especially important the more hazardous the threat landscape becomes. This latest eBook from SC Magazine surveys the SIEM landscape and digs into several actual use cases to examine the benefits and challenges faced by enterprises and the security teams running SIEM implementations.

Security experts agree that the health care industry is currently trying to digest a variety of data security and related laws, regulations and guidance. Adhering to standards is one thing, securing the infrastructure so that data leakage is thwarted is an entirely different ballgame. Many security tools are available to make the task easier, but appliances and software are only the beginning. Educating the workforce to be vigilant about security is another key ingredient. This latest eBook from SC Magazine examines specific ways that health care facilities - ranging from small clinics and medical offices to large, regional medical centers - can protect themselves from data losses due to cyber attacks, negligence and internal threats.

Cyberespionage attacks have been going on for years, although they haven't received much public disclosure or attention. But, an attack on Google and several other large companies early in 2010 changed that for the American multinational corporate stage. The so-called Aurora breach brought attention to the use of computers to invade domains anywhere in the world - to gather intellectual property, to jam up network operations, to siphon off financial assets, or any number of other misdeeds. And these efforts are growing. With the low-cost of computing resources, nearly anyone with some technical sense and a will to do harm can participate. To thwart such intrusions, proper risk management and layered security are key factors cited by some experts in this latest eBook from SC Magazine.

Instituting controls on all the data passing through an enterprise is a daunting challenge, even for seasoned security professionals. Getting a handle on transmissions over the network and the precious corporate assets stored in databases has become a lot trickier as more and more data is created and shared. Further, developments which push corporate data outside the perimeter - such as use of mobility technology, external social networking and public cloud services - have heightened the need for data-specific security. The good news is that the C-suite, owing to data breach regulations and penalties, is more aware about the need for diligent security processes, and there are tools available for IT security administrators to assist in encryption and automate logging tasks.

An insurance provider in Massachusetts had basic security measures in place, but these were not enough to be fully compliant with a strict, new state regulation, reports Greg Masters.

Brokerage services provider Aon Corp. found help in streamlining its network operations throughout its global reach into 120 countries, reports Greg Masters.