Health hazard: SC Magazine Roundtable

May 01, 2012

Health care traditionally, compared with other industries, has lagged in terms of cyber defense, but with attackers now specifically targeting these organizations for patient data, inaction is no longer an option.
 

Exotic, new connections: Embedded devices

May 01, 2012

For a while, only traditional PCs were connected to the public internet. But with most devices now gaining networked capabilities, it's only a matter of time before your television can contract a virus.
 

A smarter migration: Cloud computing

May 01, 2012

The decision to move to the cloud has always been fraught with anxiety over entrusting one's data to a third party. Learning which questions to ask of a provider can help mitigate that concern.
 

Seal of approval: Security certifications

May 01, 2012

Certifications have long validated security skills, says W. Hord Tipton of (ISC)2. But as the profession evolves and more educational opportunities pop up, how valuable do they remain?
 

Tightening the fed's belt: Government Roundtable

April 02, 2012

At a recent SC Magazine Roundtable, gov't security pros bemoaned the difficulty in obtaining resources. But instead of crying over spilled milk, they traded ideas for mitigating risk in a down economy.
 

The global landscape: International cooperation

April 02, 2012

The FBI-led takedown of Hong Kong-based P2P site MegaUpload -- and the arrests in New Zealand of its leaders -- was a big win for law enforcement. But pursuing suspects across borders can be tricky.
 

Cyber Warfare: The next Cold War

April 02, 2012

Much of the breach conversation over the past year has been devoted to so-called hacktivists. But nation-state adversaries, bent on looting organizations of intellectual property, are another breed entirely.
 

Big Data: The big picture

April 02, 2012

With data proliferating at astonishing rates, organizations are tearing into it, hoping to derive new business value, which, according to Zions CSO Preston Wood, includes better security decision making.
 

Hacktivism endures

March 01, 2012

The threat posed by politically motivated attackers, known as hacker activists, or hacktivists, is far-reaching, yet authorities are finding it difficult to take down a structurally decentralized movement.
 

Code surety: Secure by design

Deb Radcliff March 01, 2012

More-than-decade-old bugs still plague web applications, and the challenge is only growing for programs migrating to the cloud. But new frameworks and heightened awareness can mitigate the threat.
 

CSO of the Year: Stephen Scharf

March 01, 2012

Stephen Scharf was a history major and an English minor in college. He then negotiated a diverse career path to reach his current role as global CISO of Experian. But he wouldn't change a thing.
 

Boundless information: Mining social networks

February 01, 2012

Criminals are finding social media websites like Facebook, which contain a vast array of personal assets, to be a treasure trove of information that they can use to launch further attacks.
 

Adjoining islands: Security convergence

February 01, 2012

Turf wars remain a major roadblock to embracing the merger of physical and logical security. But Honolulu CIO Gordon Bruce believes the right time for such a project is now.
 

Cyber beacons: The challenges of new technologies

February 01, 2012

Organizations are working overtime to design ways to control, via policy and technology, employees' penchant for sharing private information across social networking and mobile devices.
 

Bumper crop: Cyber security legislation

January 03, 2012

Data security measures have a long, storied history of meeting their demise on Capitol Hill. But two proposals have the bipartisan support that give them at least a shot at passage in 2012.
 

SC Magazine survey: Guarding against a data breach

January 03, 2012

Security conversations are as audible as ever, yet budgets remain largely flat. However, an expected influx of compliance audits may serve as the driver for more dollars. We polled 488 pros for their thoughts.
 

The new wave: Modern security education

January 03, 2012

Sometimes a little bit of competition is what it takes to get students on the path to careers in security. Software engineer Alex Levinson, who won the U.S. Cyber Challenge, was one of those people.
 

Hard target: The APT scenario

January 03, 2012

Stealthy, targeted attacks are real -- as evidenced by operations such as Shady RAT and Stuxnet -- and there isn't a one-size-fits-all remedy to deal with them.
 

The 2012 election & cybercrime

December 01, 2011

Then-candidate Barack Obama masterfully leveraged the web in a way never before done by a presidential candidate, but he also witnessed the online medium's underbelly.
 

Paying dividends: Financial Services Roundtable

December 01, 2011

While the financial services industry traditionally has been quicker to embrace cybersecurity than other verticals, the challenges it faces, like meeting compliance and deterring fraud, never let up.
 

Over the horizon: Predictions for 2012

December 01, 2011

Guesses for what a new year will bring often are wrong, but that doesn't mean we can't try, right? A group of some of our most trusted sources break out the DeLorean and set it to "2012."
 

Top 5 influential IT security thinkers

December 01, 2011

This year-end special section focuses on people who represent the highest degree of professionalism in security, individuals who stand out for their technical skills, managerial prowess, insight and advocacy.
 

Two minutes on: Are ISPs obliged to squash botnets?

November 01, 2011

Is it an ISP's responsibility to combat botnets, asks SC Magazine Executive Editor Dan Kaplan.
 

Safe development: Safeguarding web applications

November 01, 2011

Age-old vulnerabilities, like SQL injection and cross-site scripting, remain prevalent in applications. And that trend will continue, unless there is a fundamental shift in how programs are developed and secured.
 

Taking a pulse: SC Health Care Roundtable

November 01, 2011

Data protection traditionally has lagged at health care organizations when compared to other industry verticals, and emerging technology like mobile devices and cloud computing doesn't make the challenge any easier.
 

The bug hunt

November 01, 2011

Recognizing their code bases contain weaknesses and are prime targets for attackers, software companies such as Facebook are beginning to view the research community as more friend than foe.
 

Office mobility: Consumerization of devices

Beth Schultz November 01, 2011

No longer with the option of saying "no" to its employees, organizations are finding that solutions and techniques exist for managing and securing the mobile devices workers wish to connect to the corporate network.
 

Cutting the red tape: SC Roundtable

October 03, 2011

As agencies are forced to do more with less, government security pros at a recent SC Magazine Roundtable discussion said they are being challenged to fight emerging threats and secure new technologies.
 

Making the grade: Privacy maturation

October 03, 2011

The work being done by Kathleen Styles at the U.S. Department of Education is emblematic of a growing surge of privacy-led initiatives within the public and private sector. But many other firms are still falling short.
 

Keeping up the guard: Protecting credit cards

October 03, 2011

Increased compliance and improved data-protection methods have helped ward off a major credit card breach this year. Yet plenty of holes at the merchant level still remain for a class as dedicated as criminals.
 

Beyond theory: Mobile malware

October 03, 2011

The "bring your own device" revolution means that skilled malware writers are going to pay more and more attention to pushing their wares on mobile endpoints. How should businesses respond?
 

Border patrol: Perimeter defense

September 01, 2011

The perimeter is a distant memory of what it once was, considering the influx of third-party workers combined with new technologies, such as cloud and mobile. But it still needs safeguarding.
 

Personnel check-up: Identity management

September 01, 2011

A sound approach to identification and authentication is an elementary building block of security policy within almost any organization, but management of these disciplines faces fresh challenges.
 

Breaking the next case

September 01, 2011

Today's flurry of cybercrimes relies on an array of motivations, techniques and technologies, making the job of an investigator to track down the offender that much more difficult.
 

Incident response: Ground control

September 01, 2011

Following a major breach this year, Lockheed Martin CISO Chandra McMahon explains how a quick and calculated reaction helped stave off a disaster. What are the tricks of the trade when it comes to IR?
 

Forensic intel: How digital investigations have matured

August 01, 2011

Forensics enables organizations to investigate and better understand a breach, but it also can extract insight that can be used to prevent future compromises.
 

Foreign office threats: Protecting operations overseas

August 01, 2011

Amid a hodgepodge of national laws, calls for a global data exchange standard grow louder as sensitive data traverses national boundaries.
 

Flexible stance: SC Canada infosec pro of the year

August 01, 2011

Mark Fabro has successfully married tech knowledge and C-level chops to help elevate his role -- and awareness around SCADA security -- to the next level.
 

Indexing risk perception

July 01, 2011

In the complex world of cybersecurity, it often is difficult to know which threats pose the most risk.
 

Streamlining defenses: The new SOC

July 01, 2011

The modern-day security operations center isn't just focused on physical surveillance. Many organizations have built situation rooms specifically to protect data and respond to cyberthreats.
 

Something borrowed: Benefits of PCI

Stephen Lawton July 01, 2011

The prescriptive nature of the Payment Card Industry Data Security Standard, often referred to as PCI, can benefit even those companies not processing credit card transactions.
 

Federation 2.0: An identity ecosystem

July 01, 2011

Federated identity, the process of authenticating someone across multiple IT systems and organizations, is taking on new meaning with the growth of cloud and mobile.
 

Justice for all: Reforming e-discovery

July 01, 2011

James Holderman, chief judge of the U.S. District Court in Chicago, is working to improve the e-discovery process for lawyers and IT teams at a time when digital evidence has never been so prolific.
 

No harm, no foul? We'll see.

June 01, 2011

In a potentially precedent-setting court ruling, a federal judge declined to dismiss a lawsuit filed against RockYou over a breach that exposed millions of user credentials.
 

Eliminating trust: The zero-trust model

June 01, 2011

The so-called "zero-trust" model - making security ubiquitous throughout the network and not just at the perimeter - offers a fresh way of thinking about defending against threats.
 

Power of many: Government and private sector alliance

Ryan Goldberg June 01, 2011

Despite the fact that reports often stress the need for robust government and industry partnerships, they've been slow to take shape. What has held back this seemingly symbiotic relationship?
 

The new frontier: Advancing education and innovation

June 01, 2011

A new nonprofit, with roots at the Kennedy Space Center, isn't concerned about shuttle launches and landings, but wants to be the facilitator for the security industry.
 

Safety in the cloud: Cloud-based services

June 01, 2011

With more organizations hesitant to entrust their sensitive data to the cloud and a handful of high-profile breaches, providers are augmenting their protection capabilities.
 

Attacking the email list provider

May 02, 2011

A pair of massive data breaches have illustrated that marketing services firms have become a high-value target of cybercriminals aiming to steal valuable information that easily can be monetized.
 

Advanced threats: Assume the worst

May 02, 2011

Given today's sophisticated malware and intrusion tactics, organizations should already assume they have been compromised. The key is readiness, says Larry Whiteside, CISO, Visiting Nurse Service of N.Y.
 

Security recruiters round-up: Standing out

May 02, 2011

Three top executive security recruiters weigh in on what today's information professional needs to do to shine in a volatile marketplace.
 

Embrace change: How security translates to business

May 02, 2011

Security professionals are recognizing the need to possess operations knowledge that will help them translate security objectives into business enablement.
 

Information security certifications: Certs! Who cares?

Beth Schultz May 02, 2011

Some 73,000 people hold the CISSP certification. But in today's competitive job marketplace, is it enough to separate oneself from the pack?
 

Scaled down, armored up: Small and midsized business protection

April 01, 2011

For many small and midsize businesses, neglecting IT security is a thing of the past, reports Angela Moscaritolo.
 

Skills in demand: Cloud technologies

Michael Potters, CEO, The Glenmont Group April 01, 2011

Cloud/security knowledge is in demand within such professions as network engineer, solutions architect, sales engineers and sales manager.
 

Me and my job: Ron Woerner, Bellevue University

April 01, 2011

Ron Woerner, director of cybersecurity studies, College of Information Technology, Bellevue University, answers a few questions about his position.
 

Company news

April 01, 2011

The Financial Stability Industry Council has appointed its first executive director, HyTrust names a new chairman and CEO, and other company news.
 

Vendors and cyber offense

April 01, 2011

Do revelations stemming from the Anonymous hack that HBGary Federal was engaged in shady, potentially illegal, activities cast the security industry as a whole in a negative light?
 

Threat of the month: Hacktivism

Don DeBolt, director of threat research, CA Technologies ISBU April 01, 2011

Hacktivism
 

Debate: Congress should pass a law that prohibits the tracking of a consumer's online behavior.

April 01, 2011

Two sides weigh in on whether so-called do-not-track applications, which monitor consumers' online behavior, should be regulated.
 

News briefs: Anonymous strikes again, Chinese hackers penetrate Morgan Stanley, FTC goes after spam operator and more

April 01, 2011

Anonymous strikes again, Chinese hackers attack Morgan Stanley, and other news from the past month.
 

Overcoming new threats: A holistic approach to safeguards

John Vecchi, head of product marketing, Check Point Software April 01, 2011

Organizations of all sizes have different security needs and priorities, and are looking for flexible solutions that enable them to create their own portfolios.
 

Are you prepared for a breach?

Richard Blumberg, director of data breach response services at Equifax; Gary Kibel, partner at Davis & Gilbert LLP April 01, 2011

A prudent firm should not wait until a clear and direct obligation exists before taking steps to secure its systems and processes.
 

Are you ready for some action?

April 01, 2011

Despite the lip service given to the nebulous concept of partnerships between public and private entities, what really has seen the light of day?
 

No silver bullet for PCI compliance

Eduardo Perez, chairman, PCI Security Standards Council April 01, 2011

All around the world, organizations are moving toward the adoption of updated PCI standards so that they can begin 2012 with assessments against the newest iterations.
 

The envelope, please...: SC Awards 2011

April 01, 2011

Winners of the 2011 SC Awards U.S., honoring those companies and individuals that have most strongly contributed to the vitality of the industry, were announced Feb. 15 in San Francisco.
 

Digital stick-up: Online account fraud

April 01, 2011

Corporate account takeover remains prevalent, resulting in $87.5 million in losses last year. But all banks can strive to prevent it, while staying within budget, says Rudy Wolfs of ING Direct.
 

Life after Stuxnet: Infrastructure safeguards

April 01, 2011

The cyberattack last summer on Iran's nuclear facilities has upped the ante for decision-makers in charge of critical infrastructure and enterprise networks, reports Greg Masters.
 

Threat of the month: The Geinimi Android trojan

Randy Abrams, director of technical education, Cyber Threat Analysis Center, ESET March 01, 2011

Geinimi
 

Skills in demand: Identity and access management

Joyce Brocaglia, CEO, Alta Associates March 01, 2011

Every consulting firm that we are working with is requesting pros with identity and access management skills, says Joyce Brocaglia, CEO of Alta Associates.
 

Me and my job: Fares Alraie of Royal Bank of Canada

Fares Alraie, software security specialist, Royal Bank of Canada March 01, 2011

Development teams often ignore application security requirements in order to meet all their hard-pressed deadlines and requirements, says Fares Alraie, software security specialist at the Royal Bank of Canada.
 

ESET hires a new CEO, CloudPassage launches, plus other company news.

March 01, 2011

A roundup of company hires, partnerships and acquisitions in February.
 

Requiring ISPs to retain user logs

March 01, 2011

Privacy advocates appear to be on the losing end of an initiative from the Department of Justice mandating the retention of user data by internet service providers (ISPs).
 

Debate: A governance body should be created to administer security certifications

March 01, 2011

Two sides weigh in on whether the federal government should become involved in the distribution of certifications for security professionals.
 

Take mobile defense seriously

Jonathan Cattell, solutions manager, Airwide Solutions March 01, 2011

There is no doubt that data security and privacy concerns have almost completely migrated to the mobile channel.
 

The cloud's dirty secret

Jeff Nielsen, VP of engineering, BeyondTrust March 01, 2011

Enterprise security teams need to get involved early in the decision-making process in cloud initiatives.
 

Before tech, process and policy

Michael Gabriel, director of the FLIGHT Data Protection Practice at Integralis March 01, 2011

Data leakage prevention (DLP) is garnering a lot of attention as a cure-all for risk management.
 

Are things getting brighter...or not?

March 01, 2011

Executives are poised to accept the additional expenses required to deploy evolved security solutions as they experience cost savings and increased productivity by relying on the cloud or mobile devices.
 

Post-WikiLeaks: Back to basics

Maurice Hampton, information security and privacy services leader, Clark Schaefer Consulting March 01, 2011

Dust off your company's risk assessment process and make sure it is up to date because this is where your approach to defending against a WikiLeaks type of threat is going to start.
 

Feeding frenzy: M&A activity in IT security

March 01, 2011

Ravenous merger-and-acquisition activity is telling of a desire by organizations to consolidate their security and operational tasks, especially as threats increase.
 

Embedded in danger: Web-enabled devices

March 01, 2011

Name a device and, chances are, it soon will have the capability to connect to the internet, if it does not already. Yet, with this web enablement comes a slew of risks for the enterprise.
 

SC Magazine's CSO of the Year

March 01, 2011

SC Magazine has recognized Scott Sysol of CUNA Mutual Group as CSO of the Year for his work around data privacy, risk reduction, enterprise-wide IT controls and tapeless backup.
 

Skills in demand

Michael Potters, CEO, The Glenmont Group February 01, 2011

Companies are becoming increasingly concerned about the security of smartphones and tablets.
 

Me and my job

Michael Singer, executive director of security technology for AT&T Services February 01, 2011

There are so many threats to deal with, says Michael Singer, executive director of security technology for AT&T Services.
 

Company news: Verizon names Marcus Sachs as VP for national security policy

February 01, 2011

Company news: Verizon names Marcus Sachs as VP for national security policy, and other announcements
 

The evolution of the DDoS

February 01, 2011

The temporary takedown in December of a handful of websites that cut ties with controversial website WikiLeaks, including Visa and MasterCard, made national news.
 

THREAT OF THE MONTH

Carsten Eiram, chief security specialist, Secunia February 01, 2011

IE zero-day
 

Debate: The model of 'trust but verify' is effective at mitigating the insider threat.

February 01, 2011

Debate: The model of 'trust but verify' is effective at mitigating the insider threat.
 

Hackers compromise Silverpop email database; new Android trojan

February 01, 2011

A summary of what made news in January.
 

The great malware cover-up

Marc Maiffret, chief security architect, FireEye February 01, 2011

What does the $4 billion network security industry do when a new attack is exposed? It plays "the great malware cover-up."
 

Privacy laws must change

Todd Thibodeaux and David Valdez, CompTIA February 01, 2011

Consumers have adopted personalized applications of all varieties, yet the way things stand, they must be prepared to sacrifice something at least as valuable: their privacy.
 

Smart mobile app development

Sean Martin, owner and directing consultant at imsmartin consulting February 01, 2011

Mobile threats will soon be used to gain access to personal and business devices, says Sean Martin.
 

Ensuring efficiency: Budget issues

February 01, 2011

Still facing budgetary pressures, security execs must apply unique thinking to security spend, which might mean studying metrics, making friends and passing compliance on the cheap.
 

Cybercrime: Narrowing the gap

February 01, 2011

The $1 trillion cybercrime industry is expertly - and competitively - run. Take a peek into the inner workings of these syndicates and how the good guys are closing in.
 

Internal review: The insider threat risk

February 01, 2011

Thanks to WikiLeaks and a struggling economy, the internal threat has risen to a new level of prominence. Dawn Cappelli of Carnegie Mellon describes the profile of the rogue insider.
 

An accounting of the insiders

February 01, 2011

No matter your view of Julian Assange, his WikiLeaks controversy is the story that just keeps on giving, says Illena Armstrong, editor-in-chief, SC Magazine.
 

Think like a chess player

Ward Spangenberg, director, security operations, Zynga February 01, 2011

The security chief of Zynga offers tips for deterring today's sophisticated attacks. They include understanding attack vectors, quantifying risk, controlling damage and being a trusted leader.
 

Skills in demand: Michael Potters, CEO, The Glenmont Group

Michael Potters, CEO, The Glenmont Group January 03, 2011

Many retailers are looking for architects and associate architects in information security.
 

Me and My Job: Steven Jones, Synovus Financial Corp.

Steven Jones, director, information security, VP, Synovus Financial Corp. January 03, 2011

A monthly Q&A with an IT security professional.