November 2013 Issue of SCMagazine

This month's issue includes features on the financial sector, mobile payment options, international cyber security standards, and more.


Moving on up

Most agree, CISOs are at a crossroads now, says Illena Armstrong, VP, editorial, SC Magazine.


News briefs: The latest from RSA, Microsoft, and more

This month's news briefs include important advisories issued by RSA and NIST, as well as a critical update released by Microsoft.

Company news: A new CEO at Ipanema and Windward IT Solutions' new addition

Personnel announcements and M&A activity: Ipanema Technologies, Kabel Deutschland, CrowdStrike, Windward IT Solutions, F5 Networks and more.

Threat of the month

Threat of the month: IE zero-day vulnerability

This month's threat of the month is the major zero-day vulnerability that affects Internet Explorer versions 6 through 11.

2 minutes on

Locking your website

Recent attacks on a number of major websites were traced back to one source: Melbourne IT, an Australian domain name registrar.

Skills in Demand

Skills in demand: Service desk engineers

Service desk engineers and managers are in high demand.

Me and my job

Me and my job: Jesse Bowling, senior information security engineer, American University

The time and energy to optimize a service or process is often seen as an unaffordable luxury, says Jesse Bowling, senior information security engineer, American ...


Debate: The NSA's mission to crack encryption upholds national security

This month's debate topic, which covers the NSA's attempts to crack encryption methods, drew a number of responses.


SMBs: Easy targets

The first step toward better protecting an organization is to learn how cyber attacks work.

CSOs should report to the CEO

CSOs need to be able to function at the highest levels of an organization while not being tethered to a specific department or operational function.

CSO's desk

Beyond the hype on Big Data

Using Big Data for security is the "new hotness," says Holly Ridgeway, SVP and CISO enterprise systems at PNC.


Bank on it: Attacks on financial institutions

Risk is with us, whether physical or online, says Doug Johnson, American Bankers Association. James Hale reports.

Campus access: Case study

A Utah university found a solution to enable secure access to the campus network - while cutting down on help desk calls, reports Greg Masters.

Blame game: Cyber espionage

Nation-states are extricating intellectual property from U.S. government entities and private corporations, reports David Cotriss.

Border watch: International standards

Despite testy relations among countries, international cyber security standards offer the promise of cooperation, Alan Earls reports.

Clutter in the airwaves: Mobile payment security

While already ubiquitous in much of the world, mobile payment options are gaining traction in the United States, reports Stephen Lawton.

Product opener

The way in: Application security

Web applications as front-ends for databases provide the way into an enterprise through simple attacks, such as SQL injection. We have solutions.

Group Test 1

BIG-IP Application Security Manager (ASM)

The tool takes advantage of IP reputation, context and categorization to analyze incoming and outgoing IP addresses.


A comprehensive database security management tool that provides vulnerability assessment, auditing and monitoring for database management systems.

SecureSphere X1010 Web Application Firewall X1010

The appealing aspect of the SecureSphere X1010 Web Application Firewall X1010 - and other Imperva servers - was the preloaded policies that were already running ...

SecureSphere Database Activity Monitoring (X2500)

This solution provides protection against such attacks as SQL injection. It is intended to be used with SecureSphere Web Application Firewall.

McAfee Database Security Solution

McAfee describes the functionality of the tool as providing "the five essentials for database protection: discovery, assessment, monitoring, prevention and compliance."

Group Test 2

CA DataMinder Classification

CA DataMinder Classification “discovers and classifies sensitive structured and unstructured content stored within file servers, databases, collaboration tools and storage repositories.”

TITUS Classification

Provides email and document classification – when both products are used – for Microsoft platforms.

Verdasys Managed Service

As part of the Digital Guardian program, provides data classification.

Varonis DatAdvantage and IDU Classification Framework

Provides data classification for human-generated files, such as documents and SharePoint files or any human-generated files that reside on file servers.

Workshare Enterprise

SaaS-delivered secure collaboration application.

Barracuda Web Application Firewall (Model 660)

Model 660 is a useful tool that provides protection for web applications.

Last Word

The coming Internet of Things

We don't need to make the same mistakes of the first generation of PCs and servers, says the SANS Institute's John Pescatore.

