Don't let Wi-Fi hotspots get the best of you

Swen Baumann, product manager, NCP Engineering February 06, 2012

Securing wireless connectivity for roaming employees is not as simple as instituting corporate policy. It also requires the education of both administrators and end-users -- and some technology help.
 

The five new laws of anti-malware

Zulfikar Ramzan, chief scientist, Sourcefire • January 23, 2012

Today, the best overall security solution includes technologies that can help you quickly respond to an inevitable attack.
 

Make the first 24 hours of data breach resolution count

Ozzie Fonseca, senior director, Experian Data Breach Resolution January 19, 2012

If your company doesn't have a response plan, the unending spate of recent breaches is surely motivation enough to create one.
 

The next remote access challenge: Seamless VPN roaming

Patrick Oliver Graf, general manager, NCP Engineering • January 19, 2012

In today's mobile world, it's not uncommon to be faced with a multitude of connection types on any given day.
 

APTs in critical infrastructure organizations

Dave Amsler, President and CIO, Foreground Security January 18, 2012

Many managers of utility companies don't understand or appreciate the value of IT security... at their, the facilities' and the community's peril.
 

Enterprise app stores can reduce mobile security threat

Liam Lahey, online community manager, Partnerpedia January 17, 2012

With BYOD, there's a confluence of people bringing in potential dangers from the outside that in turn presents a new class of security concerns that businesses haven't had to consider before.
 

Breaking down Duqu: The not-so-lost son of Stuxnet

Andrew Browne, malware labs team leader, Lavasoft January 13, 2012

It's been several months since the Duqu trojan arrived on the scene, allowing researchers to take a deep look at the threat and what it means going forward.
 

Encryption bans in the name of fighting terrorism hurt security

Rainer Enders, CTO of Americas, NCP Engineering December 28, 2011

Governments need to fight terrorism in ways other than prohibiting the encryption of networks, a technology that is essential to locking down businesses' private communication.
 

'Tis the season for consumerization of IT

Nathan McNeill, co-founder and chief strategy officer, Bomgar December 19, 2011

With the holidays right around the corner, expect many workers to soon be returning from their breaks with shiny new personal devices, like an iPad, in hand -- and wanting to connect them to the corporate network. IT departments must have a response plan in place.
 

On creating an IAM governance body

Ash Motiwala, CTO, Identropy December 13, 2011

Identity and access management programs are quite tricky to scale across an organization, but implementing a governance team can go a long way to effectively using the technology to meet compliance and manage user permissions.
 

Online privacy and security breeds customer confidence

Chris Babel, CEO, TRUSTe December 09, 2011

Studies show that online consumers are concerned about security and privacy. That means web retailers must ensure they are taking all the steps necessary to ensure a safe and transparent shopping experience.
 

Getting serious about health care security

Peter Spier, manager of professional services, Fortrex Technologies December 06, 2011

Health care providers and their patients both have parts to play in the high-stakes game of protecting sensitive medical information, especially as technology becomes easier to implement and enforcement of regulations intensifies.
 

We are our own worst enemy

Michael Tanji, CSO at Kyrus December 01, 2011

To avoid past mistakes, one should appeal to outside experts, says Kyrus CTO Michael Tanji.
 

Preparing for mobile security emergencies

Lysa Myers, director of research, West Coast Labs November 29, 2011

Mobile malware authors have skipped the rudimentary phase and are immediately creating threats that mimic complex malicious code common in the traditional PC environment. But defense technologies are countering with sophistication of their own.
 

Holiday folly for retailers with DNS glitches

Sean Leach, vice president of strategy, VeriSign Network Intelligence and Availability Group November 22, 2011

Proper DNS management by organizations is critical to protecting against threats and staying online during the busy holiday months.
 

Part Two: Duqu: father, son, or unholy ghost of Stuxnet?

Jeremy Sparks, Robert M. Lee, and Paul Brandau, cyberspace officers November 09, 2011

Three U.S. Air Force information security experts, independent of their role in the military, studied the Duqu trojan, and you might be surprised by what they found. This is the second article in a two-part series that examines the sophisticated threat that everyone is talking about.
 

The security industry that cried wolf

Lysa Myers, director of research, West Coast Labs November 04, 2011

The security industry, and the media that covers it, would be better served focusing on the tried-and-true motives for cybercrime, not conspiracy theories.
 

The virus problem is worse than you think

Dan Emory, leader, information assurance practice, TKC Global November 03, 2011

With record numbers of threats and the increasing inability to detect them through traditional means, the time is now for the anti-virus industry to reinvent itself.
 

Duqu: father, son, or unholy ghost of Stuxnet?

Jeremy Sparks, Robert M. Lee, and Paul Brandau, cyberspace officers November 02, 2011

Three U.S. Air Force information security experts, independent of their role in the military, studied the Duqu trojan, and you might be surprised by what they found. This is the first article in a two-part series that examines the sophisticated threat that everyone is talking about.
 

Your security will fail, but is this the right attitude?

Sean Martin, founder, imsmartin consulting October 27, 2011

IT professionals wishing to protect their systems from sophisticated attacks are receiving mixed messages of how to combat the problem. Their confusion is understandable, but the most important takeaway message is to not accept failure.
 

Keep your PCs closed to online criminals

Mike Cote, vice president, Dell SecureWorks October 14, 2011

Small and midsize businesses have been hit hard by corporate bank account takeovers. But there are easy-to-implement techniques to ensure the criminal passes them over in favor of a lower-hanging fruit.
 

Overcoming America's lost decade of IT security

Anup Ghosh, founder and chief scientist, Invincea October 10, 2011

An overreliance on compliance and limited information sharing between the federal government and the private sector have resulted in attackers holding a firm edge over security professionals. How do we take back a decade of losing?
 

What iCloud means to enterprise IT

Andres Rodriguez, CEO, Nasuni • October 06, 2011

When Steve Jobs announced iCloud at the Apple Worldwide Developer Conference, many in enterprise IT dismissed the broader relevance of consumer cloud services, but they do so at their peril.
 

Who's listening to your conference calls?

Alan Brill, senior managing director for Kroll’s Computer Forensics & Secure Information Services Practice October 05, 2011

While phone conference lines vary, they don't provide for a lot of security.
 

Can we stop hacktivism?

Matthew Pascucci, information security analyst, financial services firm October 04, 2011

The answer is "no," but that doesn't mean security professionals are hopeless in defending their networks against politically minded intruders. Not to mention, you have more in common with them than you might think.
 

Cloud management practices

Michael Ginsberg, CEO, Echoworx October 03, 2011

Developers can now turn to third-party platforms to meet their credential management needs, says Michael Ginsberg, CEO, Echoworx.
 

Bring Android to work, safely

Gareth Maclachlan, COO, AdaptiveMobile October 03, 2011

Securing Android - or any mobile device - will go beyond standard protection methods, says Gareth Maclachlan, COO, AdaptiveMobile.
 

Cloud: A risk/reward proposition

October 03, 2011

Assessing what level of risk is acceptable to one's business is key to any move to the cloud, says Siobhan Byron, president of Forsythe Technology Canada.
 

Breaking down the updated FFIEC guidance

Sarah Fender, vice president, PhoneFactor September 15, 2011

As attackers have found a way to break traditional online banking security controls, recently issued guidelines offer some new advice for financial institutions.
 

Is your security infrastructure agile enough?

Marc Solomon, senior VP of marketing, Sourcefire September 12, 2011

The state of both the IT and threat landscape is impossible to change, so security professionals must respond with an infrastructure that is automated and adaptable.
 

Advanced persistent threats call for a reality check

Sean Martin, founder, imsmartin consulting September 07, 2011

Before seeking out help from vendors in dealing with the advanced persistent threat, security professionals must understand exactly what defines such an attack.
 

No pointing fingers: Defense in the cloud is everyone's responsibility

Merritt Maxim, CA Technologies September 01, 2011

Protecting data in the cloud is a shared sacrifice for end-users and providers, but understanding who needs to do what can sometimes be tricky.
 

Affiliate programs: legitimate business or fueling cybercrime?

Bradley Anstis, VP technical strategy, M86 Security August 30, 2011

Going after the financial middlemen, known as affiliate programs, may be the most effective way to eradicate spam. But one must not forget: Some of these services are legitimate.
 

Recruiting and developing the 21st century cyber warrior

Catherine Nicholas, manager, PwC's Public Sector practice August 23, 2011

Recruiting skilled cybersecurity personnel is a major U.S. military priority, but plucking the best and brightest to join the ranks will require a unique approach.
 

Voicemail hacking: Does the current technology make it too easy?

Alan Brill, Kroll Ontrack August 17, 2011

Mobile service providers can do a lot more to stop people from easily breaking into voicemail boxes, including providing users with alerts when their messages are accessed.
 

Who missed Facebook's bounty party?

Sean Martin, founder, imsmartin consulting August 12, 2011

Facebook should use its recently announced vulnerability bounty program to push for more security in third-party applications that run on the site.
 

Web browsers offer more protection than you may think

Sam Alapati, senior technical director, Miro Consulting August 02, 2011

Browser security has come a long way in recent years, and utilizing certain features can help stave off attacks. Our author calls out three browsers he thinks stand above the rest in protecting you against threats and safeguarding your privacy.
 

APTs: New term, old problem

Will Irace, director of threat research, Fidelis Security Systems August 01, 2011

Let's forgo the APT hysteria long enough to make sure we're doing a good job on the fundamentals.
 

Lessons of the Sony PlayStation hack

Joe Basirico, director of security services, Security Innovation July 18, 2011

Software flaws provide the attack vector of many of today's largest breaches, and organizations must work to rectify those weaknesses.
 

The case for articulating security risk in a down economy

Patricia Titus, vice president and chief information security officer, Unisys July 12, 2011

Despite an astonishing sequence of breaches this year, expect business executives to remain tight with their purse strings, unless security professionals can accurately convey risk.
 

Smartphones? There's malware for that, too.

Troy Gill, security analyst, AppRiver July 07, 2011

Mobile devices, while unique, pose security challenges not unlike traditional PCs, and organizations can apply some basic tips to stay ahead of the threats.
 

You might be next: Data breaches

July 01, 2011

CISOs must concede they eventually will see their infrastructures compromised.
 

Signing on the dotted line of HIPAA

Bryan Cline, CISO and director of information security at Catholic Health East July 01, 2011

Given that a misrepresentation of the facts during attestation could result in civil and criminal penalties, what does a health care executive need to feel comfortable about before signing on the dotted line?
 

Can LulzSec and Anonymous forge a turning point?

Lysa Myers, director of research, West Coast Labs June 30, 2011

If something positive can come from a recent call by two hacking groups to expose corruption at governments and corporations, perhaps a fundamental change in cybersecurity can be it.
 

In search of a global network security standard

Shaul Efraim, vice president of marketing and business development, Tufin Technologies June 27, 2011

A government-adopted and enforced global benchmark for network security may lend value, and borrowing from the PCI DSS playbook could help in its creation.
 

Security concerns of computer automation and control: Where to start?

Cristiano Cafferata, systems engineer, SonicWALL June 20, 2011

A four-step industry model can be effective in defending control systems against adversaries.
 

Ensuring the supply chain is cost-friendly -- and protected

Sean Martin, founder, imsmartin consulting June 13, 2011

The automotive industry is just one vertical whose supply chain heavily relies on communications and document exchanges. But it must be careful that, in an effort to shave costs, security is not sacrificed.
 

An open letter to the network security industry

Peter George, president and CEO, Fidelis Security Systems June 06, 2011

A security vendor says working together is the only way to stop the endless string of breaches.
 

Earning back respect following a breach

Lysa Myers, director of research, West Coast Labs June 01, 2011

We all know what a difficult balancing act it is for businesses to provide both security and accessibility. Customers of Sony may not be in a forgiving mood, but if the company can learn from its mistakes, it may be able to re-establish trust.
 

Why do SQL injection attacks continue to succeed?

Josh Shaul, chief technology officer, Application Security May 24, 2011

SQL injection vulnerabilities first appeared in the 1990s, yet massive breaches in recent years prove the problem still remains a thorn in the side of security experts.
 

Rustock and Coreflood: a call to arms for strategic offensive action

David LaMacchia and Jamie Tomasello, Cloudmark; Jon Praed, founding partner, Internet Law Group May 19, 2011

Two recent botnet takedowns have demonstrated why going on the offensive is a viable way to cleanse compromised computers. But such tactics may set questionable precedents.
 

Looking beyond anti-virus to limit costs, attacks

Pat Clawson, chairman and CEO, Lumension May 12, 2011

Anti-virus technology is still integral to the security baseline of any organization, but because of advanced attacks, firms must consider complementary solutions.
 

When no one solution is best, an "ecosystem" emerges

Greg Oslan, CEO, Narus May 05, 2011

To fight today's sophisticated adversaries and protect the nation's digital infrastructure, the cybersecurity industry must unite technologies, develop new ones and cultivate experts.
 

Is malware on the decline, or is evasion on the rise?

Noa Bar Yosef, senior security strategist, Imperva April 26, 2011

While some studies point to a decrease in malware, that is more of an indication that virus writers are getting better at hiding their wares.
 

Security education: We're doing it wrong

Lysa Myers, director of research, West Coast Labs April 21, 2011

Most PC owners are thinking about security protection from a pre-botnet perspective.
 

Taming your "unknown unknowns" through network traffic analysis

Josh Goldfarb, principal security analyst, 21st Century Technologies April 13, 2011

Security professionals must understand what belongs on their network so they can look for the opposite. To do this, they must leverage a structured analysis approach.
 

Intellectual property strategies for security developers

James Denaro and Mark Ungerman, Morrison & Foerster April 08, 2011

As the security market continues to heat up, vendors must take steps to avoid patent infringement lawsuits.
 

How do you begin an information security career?

Israel Bryski, board member, N.Y. Metro ISSA chapter April 04, 2011

Breaking into information security as a career can be difficult, but there are several ways to ease the transition and make yourself more attractive to potential employers.
 

Confocal infrastructural vulnerabilities and their effect on business

Winn Schwartau, chairman, Mobile Active Defense March 29, 2011

Many organizations likely have not considered the risk of locating various infrastructure at the same physical location.
 

Tax season: The IRS is the least of your concerns

Frank Kenney, vice president of global strategy at Ipswitch File Transfer March 21, 2011

With the April 18 tax deadline looming, security isn't top-of-mind for the employees in your finance, audit and operations departments.
 

Mobile security offerings useful despite lack of malware

Lysa Myers, director of research, West Coast Labs March 03, 2011

Until mobile malware becomes more pervasive, the current lot of smartphone security offerings can help users with other concerns.
 

Unwitting accomplices and complicit security teams

Anup Ghosh, founder and chief scientist, Invincea February 25, 2011

End-users may be the weakest link, but technology exists to take security out of their hands.
 

Can deploying monitoring software put you in jeopardy?

Art Bowker, cybercrime specialist, Corrections February 22, 2011

Organizations may feel compelled to monitor their employees' email and web use, but they should first be aware of the legal implications.
 

The end of the endpoint

Tom Gillis, vice president and general manager, security technology business unit, Cisco February 15, 2011

The rapid shift in technology requires a major re-think of how we deploy security.
 

Letting go and keeping control: Beyond the PC and data center

Enrique Salem, president and CEO, Symantec February 15, 2011

Attackers - whether motivated by financial gain or a terrorist agenda - are changing their game and sharpening their focus.
 

Secure, global collaboration made possible

Mike Denning, general manager, Security, CA Technologies February 14, 2011

Identity and access management frameworks can help distinguish between the various competitor and partner personas, and organizations such as the Transglobal Secure Collaboration Program (TSCP) are working to construct and use them.
 

The WikiLeaks challenge: Remember the risks associated with third-party exposure

Kimberly Kiefer Peretti, director of the Forensic Services practice, PricewaterhouseCoopers February 13, 2011

When guarding against data breaches, organizations must consider the security postures of their closest partners, such as law firms and cloud providers.
 

What Stuxnet means for the process industry

Eddy Willems, security evangelist, G Data Software February 09, 2011

Governments and process control firms must work together to prevent highly sophisticated malware, such as Stuxnet, from spreading.
 

An independent approach to PCI audit security and compliance

Dave Greenstein, chief architect, StillSecure February 04, 2011

The PCI Data Security Standard assessment process must change, or the payment industry faces an ethical bind.
 

Showing how security is a value-add to the organization

Peter Finke, adviser, New York Metro ISSA chapter January 28, 2011

With the economy gradually lifting out of its slumber, information security professionals must convince budget bosses that they can't operate on a shoestring spending plan for much longer.
 

Thanks to web, malware authors have become technology agnostic

Lysa Myers, director of research, West Coast Labs January 26, 2011

Conventional wisdom that Mac OS X computers and mobile devices won't be targeted or infected by cybercrooks is about to be disproven.
 

2011: A security manager's wish list

A. N. Ananth, CEO, Prism Microsystems January 18, 2011

This year, thanks to a renewed focus on the insider threat, the longings of the security professional may come to fruition.
 

Learning from Assange

Will Warrick, security evangelist, Protegrity January 05, 2011

It is important for organizations to consider the basics if they want to avoid the leakage of sensitive information.
 

The domino effect of Gawker's poor password practices

Roman Yudkin, chief technology officer, Confident Technologies December 22, 2010

Poor authentication standards encourage bad passwords and enable the data breach at Gawker to harm security across the web.
 

How the WikiLeaks crisis could have been prevented

Ken Ammon, chief strategy officer, Xceedium December 16, 2010

Trusting no one may soon become the new mantra in IT security, given the leak of sensitive U.S. diplomatic cables.
 

Achieving integrity in the cloud

Sean Martin, Imsmartin Consulting December 10, 2010

Trusting one's cloud provider remains a major deterrent to adoption, but there are ways to confirm that a third-party vendor is operating in good faith.
 

2011: The year of privacy

Lysa Myers, director of research, West Coast Labs December 07, 2010

For privacy on the web to be achieved, end-users and website owners must strike an agreed-upon balance.
 

Skills in demand: Incident response

Joyce Brocaglia, CEO, Alta Associates December 01, 2010

The demand for pros who can be a part of an incident response team is growing.
 

Me and my job: Q&A with Matt Jonkman, CEO of Emerging Threats

December 01, 2010

A monthly Q&A with an IT security professional.
 

Threat of the month: Firesheep

Randy Abrams, director of technical education, ESET December 01, 2010

A new Firefox add-on can cause serious repercussions for users surfing the web on public Wi-Fi.
 

Debate: Free anti-virus software is as effective in protecting users as a paid solution

December 01, 2010

Free anti-virus software is as effective in protecting users as a paid solution.
 

Keep upward swings going and going and going...

December 01, 2010

With people out of work, insider threats spike and budgets often plummet, says Illena Armstrong.
 

Deloitte principal: Adopt a proactive approach for security

Irfan Saif, principal at Deloitte & Touche December 01, 2010

Now is the time to redefine your approach to face today's threats, says Irfan Saif, principal at Deloitte & Touche.
 

A change to protect card data

Bruce Rutherford, chairman, PCI Security Standards Council December 01, 2010

From my perspective, 2010 has been a critical year for global payment card security efforts that may ultimately result in a significant reduction in future payment card fraud levels, says Bruce Rutherford, chairman, PCI Security Standards Council.
 

Multidisciplined partnerships are central to country's cybersecurity

Greg Oslan, CEO, Narus November 29, 2010

Just as cybercriminals share information, the public, private and international communities must ally to combat today's threats.
 

Network forensics: Are today's pros up to par?

Jonathan Tomek, senior security engineer, Foreground Security November 22, 2010

Network forensic investigators must be equipped with the right tools - and freedom - to do their jobs right.
 

Ten years of evolving threats: A look back at the impact of notable malicious wares of the past decade

Derek Manky, project manager, Fortinet Fortiguard Labs November 15, 2010

As security firm Fortinet celebrates 10 years in business, Fortiguard Labs took a look at the 10 most intriguing threats during the past decade and showed how their feature sets have evolved, Darwin-like, over time.
 

Eight questions CIOs should ask on cloud security

Lucius Lobo, director of security consulting, Tech Mahindra November 12, 2010

As more organizations continue migrating to the cloud, what should information leaders at organizations be asking of their provider?
 

Five ways to enjoy your Apple and keep your corporate network squeaky clean

Patrick Sweeney, vice president of product management, SonicWALL November 05, 2010

As Apple devices gain more traction in the office, IT administrators must follow best practices to ensure these endpoints can be trusted.
 

Defense in depth: building a holistic security infrastructure

Carl Herberger, vice president of information security and compliance services, Evolve IP November 02, 2010

Organizations must consider security at the network, application, host and data layers to most effectively protect against threats.
 

Fending off cyberwar attacks

November 01, 2010

Chicken Little could relate to the likely thoughts of all those cybersecurity players who have warned time-and-again that it isn't a matter of 'if' cyberwar would occur but 'when.'
 

Wearing your PJs to work

Jamie Sanbower, director of security solutions, Force 3 November 01, 2010

While teleworking improves overall productivity and morale, from a security pro's perspective, the worry of trading security and visibility for productivity is a nightmare.
 

Designing secure software and services now will save money later

Ryan Berg, senior security architect, IBM October 27, 2010

The cost of fixing a vulnerability after a product already has gone to market is much higher than the cost of finding it during the design process.
 

Data protection and controls: Does format really matter?

Andres Tabares, CISSP October 22, 2010

Organizations must consider the entire lifecycle of data, even when in hardcopy form, when implementing a security strategy.
 

A brief history of security innovation: Where do we go from here?

Elad Yoran, CEO and founder, Security Growth Partners October 20, 2010

Another era of security innovation is upon us, but first we must clear some barriers that could deter a new wave of imagination.
 

Volunteers seek out public/private partnerships

Kathleen Kiernan, chair, InfraGard National Members Alliance October 20, 2010

Building trust between the public and private sectors can be a challenge.
 

Security Innovators Throwdown to recognize promising startups

Becky Bace, president and CEO, Infidel October 20, 2010

The Security Innovators Throwdown at SC World Congress provides startups with the chance to gain the valuable advice and financial support necessary to launch in a difficult financial climate.
 

'Unknown unknowns' and the electric grid

Mark Weatherford, VP and CSO, North American Electric Reliability Corp. October 20, 2010

NERC's Coordinated Action Plan is designed to address the possibility that a cyberattack can disable the U.S. power grid.
 

Is it resources or know-how that state CISOs lack?

Bob Maley, CEO, Strategic CISO October 20, 2010

Blaming the down economy for a poor security program is no excuse, says an SC World Congress presenter.
 

Stuxnet worm shows critical infrastructure attacks no longer just Hollywood hype

Harry Sverdlove, CTO, Bit9 October 18, 2010

Computer security professionals can learn from the Stuxnet outbreak.