Boundless information: Mining social networks
Jim Romeo
February 01, 2012
Criminals are finding social media websites like Facebook, which contain a vast array of personal assets, to be a treasure trove of information that they can use to launch further attacks.
Adjoining islands: Security convergence
Dan Kaplan
February 01, 2012
Turf wars remain a major roadblock to embracing the merger of physical and logical security. But Honolulu CIO Gordon Bruce believes the right time for such a project is now.
Cyber beacons: The challenges of new technologies
Deb Radcliff
February 01, 2012
Organizations are working overtime to design ways to control, via policy and technology, employees' penchant for sharing private information across social networking and mobile devices.
Bumper crop: Cyber security legislation
Stephen Lawton
January 03, 2012
Data security measures have a long, storied history of meeting their demise on Capitol Hill. But two proposals have the bipartisan support that gives them at least a shot at passage in 2012.
SC Magazine survey: Guarding against a data breach
Illena Armstrong
January 03, 2012
Security conversations are as audible as ever, yet budgets remain largely flat. However, an expected influx of compliance audits may serve as the driver for more dollars. We polled 488 pros for their thoughts.
The new wave: Modern security education
Dan Kaplan
January 03, 2012
Sometimes a little bit of competition is what it takes to get students on the path to careers in security. Software engineer Alex Levinson, who won the U.S. Cyber Challenge, was one of those people.
Hard target: The APT scenario
Stephen Lawton
January 03, 2012
Stealthy, targeted attacks are real -- as evidenced by operations such as Shady RAT and Stuxnet -- and there isn't a one-size-fits-all remedy to deal with them.
The 2012 election & cybercrime
Dan Kaplan
December 01, 2011
Then-candidate Barack Obama masterfully leveraged the web in a way never before done by a presidential candidate, but he also witnessed the online medium's underbelly.
Paying dividends: Financial Services Roundtable
Illena Armstrong
December 01, 2011
While the financial services industry traditionally has been quicker to embrace cybersecurity than other verticals, the challenges it faces, like meeting compliance and deterring fraud, never let up.
Over the horizon: Predictions for 2012
Staff Report
December 01, 2011
Guesses for what a new year will bring often are wrong, but that doesn't mean we can't try, right? A group of some of our most trusted sources break out the DeLorean and set it to "2012."
Top 5 influential IT security thinkers
Ryan Goldberg, Dan Kaplan, Greg Masters, Angela Moscaritolo
December 01, 2011
This year-end special section focuses on people who represent the highest degree of professionalism in security, individuals who stand out for their technical skills, managerial prowess, insight and advocacy.
Two minutes on: Are ISPs obliged to squash botnets?
Dan Kaplan
November 01, 2011
Is it an ISP's responsibility to combat botnets, asks SC Magazine Executive Editor Dan Kaplan.
Safe development: Safeguarding web applications
Deb Radcliff
November 01, 2011
Age-old vulnerabilities, like SQL injection and cross-site scripting, remain prevalent in applications. And that trend will continue, unless there is a fundamental shift in how programs are developed and secured.
Taking a pulse: SC Health Care Roundtable
Illena Armstrong
November 01, 2011
Data protection traditionally has lagged at health care organizations when compared to other industry verticals, and emerging technology like mobile devices and cloud computing doesn't make the challenge any easier.
The bug hunt
Angela Moscaritolo
November 01, 2011
Recognizing their code bases contain weaknesses and are prime targets for attackers, software companies such as Facebook are beginning to view the research community as more friend than foe.
Office mobility: Consumerization of devices
Beth Schultz
November 01, 2011
No longer with the option of saying "no" to its employees, organizations are finding that solutions and techniques exist for managing and securing the mobile devices workers wish to connect to the corporate network.
Cutting the red tape: SC Roundtable
Illena Armstrong
October 03, 2011
As agencies are forced to do more with less, government security pros at a recent SC Magazine Roundtable discussion said they are being challenged to fight emerging threats and secure new technologies.
Making the grade: Privacy maturation
Angela Moscaritolo
October 03, 2011
The work being done by Kathleen Styles at the U.S. Department of Education is emblematic of a growing surge of privacy-led initiatives within the public and private sector. But many other firms are still falling short.
Keeping up the guard: Protecting credit cards
Dan Kaplan
October 03, 2011
Increased compliance and improved data-protection methods have helped ward off a major credit card breach this year. Yet plenty of holes at the merchant level still remain for a class as dedicated as criminals.
Beyond theory: Mobile malware
Dan Kaplan
October 03, 2011
The "bring your own device" revolution means that skilled malware writers are going to pay more and more attention to pushing their wares on mobile endpoints. How should businesses respond?
Border patrol: Perimeter defense
Angela Moscaritolo
September 01, 2011
The perimeter is a distant memory of what it once was, considering the influx of third-party workers combined with new technologies, such as cloud and mobile. But it still needs safeguarding.
Personnel check-up: Identity management
Jim Romeo
September 01, 2011
A sound approach to identification and authentication is an elementary building block to security policy within most any organization, but management of these disciplines faces fresh challenges.
Breaking the next case
Deb Radcliff
September 01, 2011
Today's flurry of cybercrimes relies on an array of motivations, techniques and technologies, making the job of an investigator to track down the offender that much more difficult.
Incident response: Ground control
Dan Kaplan
September 01, 2011
Following a major breach this year, Lockheed Martin CISO Chandra McMahon explains how a quick and calculated reaction helped stave off a disaster. What are the tricks of the trade when it comes to IR?
Forensic intel: How digital investigations have matured
Angela Moscaritolo
August 01, 2011
Forensics enables organizations to investigate and better understand a breach, but it also can extract insight that can be used to prevent future compromises.
Foreign office threats: Protecting operations overseas
Greg Masters
August 01, 2011
Amid a hodgepodge of national laws, calls for a global data exchange standard grow louder as sensitive data traverses national boundaries.
Flexible stance: SC Canada infosec pro of the year
Dan Kaplan
August 01, 2011
Mark Fabro has successfully married tech knowledge and C-level chops to help elevate his role -- and awareness around SCADA security -- to the next level.
Indexing risk perception
Angela Moscaritolo
July 01, 2011
In the complex world of cybersecurity, it often is difficult to know which threats pose the most risk.
Streamlining defenses: The new SOC
Angela Moscaritolo
July 01, 2011
The modern-day security operations center isn't just focused on physical surveillance. Many organizations have built situation rooms specifically to protect data and respond to cyberthreats.
Something borrowed: Benefits of PCI
Stephen Lawton
July 01, 2011
The prescriptive nature of the Payment Card Industry Data Security Standard, often referred to as PCI, can benefit even those companies not processing credit card transactions.
Federation 2.0: An identity ecosystem
Deb Radcliff
July 01, 2011
Federated identity, the process of authenticating someone across multiple IT systems and organizations, is taking on new meaning with the growth of cloud and mobile.
Justice for all: Reforming e-discovery
Dan Kaplan
July 01, 2011
James Holderman, chief judge of the U.S. District Court in Chicago, is working to improve the e-discovery process for lawyers and IT teams at a time when digital evidence has never been so prolific.
No harm, no foul? We'll see.
Angela Moscaritolo
June 01, 2011
In a potentially precedent-setting court ruling, a federal judge declined to dismiss a lawsuit filed against RockYou over a breach that exposed millions of user credentials.
Eliminating trust: The zero-trust model
Angela Moscaritolo
June 01, 2011
The so-called "zero-trust" model - making security ubiquitous throughout the network and not just at the perimeter - offers a fresh way of thinking about defending against threats.
Power of many: Government and private sector alliance
Ryan Goldberg
June 01, 2011
Despite the fact that reports often stress the need for robust government and industry partnerships, they've been slow to take shape. What has held back this seemingly symbiotic relationship?
The new frontier: Advancing education and innovation
Dan Kaplan
June 01, 2011
A new nonprofit, with roots at the Kennedy Space Center, isn't concerned about shuttle launches and landings, but wants to be the facilitator for the security industry.
Safety in the cloud: Cloud-based services
Deb Radcliff
June 01, 2011
With more organizations hesitant to entrust their sensitive data to the cloud and a handful of high-profile breaches, providers are augmenting their protection capabilities.
Attacking the email list provider
Angela Moscaritolo
May 02, 2011
A pair of massive data breaches have illustrated that marketing services firms have become a high-value target of cybercriminals aiming to steal valuable information that easily can be monetized.
Advanced threats: Assume the worst
Dan Kaplan
May 02, 2011
Given today's sophisticated malware and intrusion tactics, organizations should already assume they have been compromised. The key is readiness, says Larry Whiteside, CISO, Visiting Nurse Service of N.Y.
Security recruiters round-up: Standing out
Greg Masters
May 02, 2011
Three top executive security recruiters weigh in on what today's information professional needs to do to shine in a volatile marketplace.
Embrace change: How security translates to business
Deb Radcliff
May 02, 2011
Security professionals are recognizing the need to possess operations knowledge that will help them translate security objectives into business enablement.
Information security certifications: Certs! Who cares?
Beth Schultz
May 02, 2011
Some 73,000 people hold the CISSP certification. But in today's competitive job marketplace, are they enough to separate oneself from the pack?
Scaled down, armored up: Small and midsized business protection
Angela Moscaritolo
April 01, 2011
For many small and midsize businesses, neglecting IT security is a thing of the past, reports Angela Moscaritolo.
Skills in demand: Cloud technologies
Michael Potters, CEO, The Glenmont Group April 01, 2011
Cloud/security knowledge is in demand within such professions as network engineer, solutions architect, sales engineers and sales manager.
Me and my job: Ron Woerner, Bellevue University
April 01, 2011
Ron Woerner, director of cybersecurity studies, College of Information Technology, Bellevue University, answers a few questions about his position.
Company news
Dan Kaplan
April 01, 2011
The Financial Stability Industry Council has appointed its first executive director, HyTrust names a new chairman and CEO, and other company news.
Vendors and cyber offense
Angela Moscaritolo
April 01, 2011
Do revelations stemming from the Anonymous hack that HBGary Federal was engaged in shady, potentially illegal, activities cast the security industry as a whole in a negative light?
Threat of the month: Hacktivism
Don DeBolt, director of threat research, CA Technologies ISBU April 01, 2011
Hacktivism
Debate: Congress should pass a law that prohibits the tracking of a consumer's online behavior.
April 01, 2011
Two sides weigh in on whether so-called do-not-track applications, which monitor consumers' online behavior, should be regulated.
News briefs: Anonymous strikes again, Chinese hackers penetrate Morgan Stanley, FTC goes after spam operator and more
Angela Moscaritolo
April 01, 2011
Anonymous strikes again, Chinese hackers attack Morgan Stanley, and other news from the past month.
Overcoming new threats: A holistic approach to safeguards
John Vecchi, head of product marketing, Check Point Software April 01, 2011
Organizations of all sizes have different security needs and priorities, and are looking for flexible solutions that enable them to create their own portfolios.
Are you prepared for a breach?
Richard Blumberg, director of data breach response services at Equifax; Gary Kibel, partner at Davis & Gilbert LLP April 01, 2011
A prudent firm should not wait until a clear and direct obligation exists before taking steps to secure its systems and processes.
Are you ready for some action?
Illena Armstrong
April 01, 2011
Despite the lip service given to the nebulous concept of partnerships between public and private entities, what really has seen the light of day?
No silver bullet for PCI compliance
Eduardo Perez, chairman, PCI Security Standards Council April 01, 2011
All around the world, organizations are moving toward the adoption of updated PCI standards so that they can begin 2012 with assessments against the newest iterations.
The envelope, please...: SC Awards 2011
Greg Masters
April 01, 2011
Winners of the 2011 SC Awards U.S., honoring those companies and individuals that have most strongly contributed to the vitality of the industry, were announced Feb. 15 in San Francisco.
Digital stick-up: Online account fraud
Dan Kaplan
April 01, 2011
Corporate account takeover remains prevalent, resulting in $87.5 million in losses last year. But all banks can strive to prevent it, while staying within budget, says Rudy Wolfs of ING Direct.
Life after Stuxnet: Infrastructure safeguards
Greg Masters
April 01, 2011
The cyberattack last summer on Iran's nuclear facilities has upped the ante for decision-makers in charge of critical infrastructure and enterprise networks, reports Greg Masters.
Threat of the month: The Geinimi Android trojan
Randy Abrams, director of technical education, Cyber Threat Analysis Center, ESET March 01, 2011
Geinimi
Skills in demand: Identity and access management
Joyce Brocaglia, CEO, Alta Associates March 01, 2011
Every consulting firm that we are working with is requesting pros with identity and access management skills, says Joyce Brocaglia, CEO of Alta Associates.
Me and my job: Fares Alraie of Royal Bank of Canada
Fares Alraie, software security specialist, Royal Bank of Canada March 01, 2011
Development teams often ignore application security requirements in order to meet all their hard-pressed deadlines and requirements, says Fares Alraie, software security specialist at the Royal Bank of Canada.
ESET hires a new CEO, CloudPassage launches, plus other company news.
March 01, 2011
A roundup of company hires, partnerships and acquisitions in February.
Requiring ISPs to retain user logs
Dan Kaplan
March 01, 2011
Privacy advocates appear to be on the losing end of an initiative from the Department of Justice mandating the retention of user data by internet service providers (ISPs).
Debate: A governance body should be created to administer security certifications
March 01, 2011
Two sides weigh in on whether the federal government should become involved in the distribution of certifications for security professionals.
London police arrest suspected Anonymous members, dating website PlentyOfFish is hacked, plus other briefs
March 01, 2011
A summary of what made news in February.
Take mobile defense seriously
Jonathan Cattell, solutions manager, Airwide Solutions March 01, 2011
There is no doubt that data security and privacy concerns have almost completely migrated to the mobile channel.
The cloud's dirty secret
Jeff Nielsen, VP of engineering, BeyondTrust March 01, 2011
Enterprise security teams need to get involved early in the decision-making process in cloud initiatives.
Before tech, process and policy
Michael Gabriel, director of the FLIGHT Data Protection Practice at Integralis March 01, 2011
Data leakage prevention (DLP) is garnering a lot of attention as a cure-all for risk management.
Are things getting brighter...or not?
Illena Armstrong
March 01, 2011
Executives are poised to accept the additional expenses required to deploy evolved security solutions as they experience cost savings and increased productivity by relying on the cloud or mobile devices.
Post-WikiLeaks: Back to basics
Maurice Hampton, information security and privacy services leader, Clark Schaefer Consulting March 01, 2011
Dust off your company's risk assessment process and make sure it is up to date because this is where your approach to defending against a WikiLeaks type of threat is going to start.
Feeding frenzy: M&A activity in IT security
Deb Radcliff
March 01, 2011
Ravenous merger-and-acquisition activity is telling of a desire by organizations to consolidate their security and operational tasks, especially as threats increase.
Embedded in danger: Web-enabled devices
Angela Moscaritolo
March 01, 2011
Name a device and, chances are, it soon will have the capability to connect to the internet, if it does not already. Yet, with this web enablement comes a slew of risks for the enterprise.
SC Magazine's CSO of the Year
Illena Armstrong
March 01, 2011
SC Magazine has recognized Scott Sysol of CUNA Mutual Group as CSO of the Year for his work around data privacy, risk reduction, enterprise-wide IT controls and tapeless backup.
Skills in demand
Michael Potters, CEO, The Glenmont Group February 01, 2011
Companies are becoming increasingly concerned about the security of smartphones and tablets.
Me and my job
Michael Singer, executive director of security technology for AT&T Services February 01, 2011
There are so many threats to deal with, says Michael Singer, executive director of security technology for AT&T Services.
Company news: Verizon names Marcus Sachs as VP for national security policy
Dan Kaplan
February 01, 2011
Company news: Verizon names Marcus Sachs as VP for national security policy, and other announcements
The evolution of the DDoS
Angela Moscaritolo
February 01, 2011
The temporary takedown in December of a handful of websites that cut ties with controversial website WikiLeaks, including Visa and MasterCard, made national news.
THREAT OF THE MONTH
Carsten Eiram, chief security specialist, Secunia February 01, 2011
IE zero-day
Debate: The model of 'trust but verify' is effective at mitigating the insider threat.
February 01, 2011
Debate: The model of 'trust but verify' is effective at mitigating the insider threat.
Hackers compromise Silverpop email database; new Android trojan
Dan Kaplan
February 01, 2011
A summary of what made news in January.
The great malware cover-up
Marc Maiffret, chief security architect, FireEye February 01, 2011
What does the $4 billion network security industry do when a new attack is exposed? It plays "the great malware cover-up."
Privacy laws must change
Todd Thibodeaux and David Valdez, CompTIA February 01, 2011
Consumers have adopted personalized applications of all varieties, yet the way things stand, they must be prepared to sacrifice something at least as valuable: their privacy.
Smart mobile app development
Sean Martin, owner and directing consultant at imsmartin consulting February 01, 2011
Mobile threats will soon be used to gain access to personal and business devices, says Sean Martin.
Ensuring efficiency: Budget issues
Angela Moscaritolo
February 01, 2011
Still facing budgetary pressures, security execs must apply unique thinking to security spend, which might mean studying metrics, making friends and passing compliance on the cheap.
Cybercrime: Narrowing the gap
Deb Radcliff
February 01, 2011
The $1 trillion cybercrime industry is expertly - and competitively - run. Take a peek into the inner workings of these syndicates and how the good guys are closing in.
Internal review: The insider threat risk
Dan Kaplan
February 01, 2011
Thanks to WikiLeaks and a struggling economy, the internal threat has risen to a new level of prominence. Dawn Cappelli of Carnegie Mellon describes the profile of the rogue insider.
An accounting of the insiders
Illena Armstrong
February 01, 2011
No matter your view of Julian Assange, his WikiLeaks controversy is the story that just keeps on giving, says Illena Armstrong, editor-in-chief, SC Magazine.
Think like a chess player
Ward Spangenberg, director, security operations, Zynga February 01, 2011
The security chief of Zynga offers tips for deterring today's sophisticated attacks. They include understanding attack vectors, quantifying risk, controlling damage and being a trusted leader.
Skills in demand: Michael Potters, CEO, The Glenmont Group
Michael Potters, CEO, The Glenmont Group January 03, 2011
Many retailers are looking for architects and associate architects in information security.
Me and My Job: Steven Jones, Synovus Financial Corp.
Steven Jones, director, information security, VP, Synovus Financial Corp. January 03, 2011
A monthly Q&A with an IT security professional.
Company news: Weafer joins McAfee; IBM, AVG make acquisitions
Dan Kaplan
January 03, 2011
The latest personnel announcements and other company news.
WikiLeaks fallout: The data breach heard around the world
Dan Kaplan
January 03, 2011
After WikiLeaks began publishing secret U.S. diplomatic cables in late November, a number of pundits asked how the federal government failed to detect and prevent the disclosure of the classified data.
Threat of the month: P2P DNS
Don DeBolt, director of threat research, CA Technologies January 03, 2011
P2P DNS is the latest proposal for an alternative Domain Name System (DNS) service, one that strives to replace ICANN as the authority.
Debate: Organizations will be better able to handle data breaches in 2011.
Staff Report
January 03, 2011
Organizations will be better able to handle data breaches in 2011.
The dotted lines of health care
Bryan Cline, CISO and director of information security at Catholic Health East January 03, 2011
Health care chief information security officers (CISOs) have to ask themselves, "What exactly are the security and privacy requirements around EHR?"
M&A changing the IT landscape
Ken Male, executive vice chairman and founder of TheInfoPro January 03, 2011
Large vendors are bundling major components of information security into their stack offerings, says TheInfoPro's Ken Male.
Data Breach Survey: Getting the bosses on board
Illena Armstrong
January 03, 2011
One of the findings in SC Magazine's fourth annual "Guarding Against a Data Breach" survey is that you can get compliant with a sound security program in place, but you might not necessarily get security with a compliance-based plan.
2011 SC Awards U.S.: Drum roll, please...
Staff Report
January 03, 2011
The winners of the prestigious 2011 SC Awards U.S. will be announced on Tuesday, Feb. 15 in San Francisco.
Current events
Staff Report
January 03, 2011
Our two gatherings - the third annual SC World Congress in New York and inaugural SC Congress Canada in Toronto - illustrated the vitality of the security industry.
Private matters: Privacy regulations
Angela Moscaritolo
January 03, 2011
Some say that the United States, compared to Europe and Canada, long has lagged in terms of privacy controls for consumers, but stricter regulations could be in the offing.
Data breach survey: Data during a downtime
Illena Armstrong
January 03, 2011
SC Magazine's annual data breach survey shows that budgets will remain stagnant as threats continue to evolve.