The security and privacy issues surrounding the use of mobile devices abound. And though BYOD has been alive and well for some time now, many organizations still face myriad challenges in deploying just the right security solutions and the proper policies and training to support these. Now, the problem has become even more confounding with the rise of BYO-service, software or technology. All the while, alongside the privacy and security issues, challenges around compliance with any number of regulations only get more complex as users demand evermore mobility. We examine the most recent developments in the area of mobility and find out some programs that are showing some positive inroads.

April 25, 2013

eSymposium: Cyber espionage

Even members of the U.S. Congress can agree that cyber espionage is a major problem for both the country's private companies and government agencies. In a report released late last year, for example, they cite China as a particularly concerning aggressor in this area. From direct attacks on companies to backdoors that allegedly are cropping up in telecommunications hardware and software sold to U.S.-based companies, the methods to conduct cyber espionage attacks run the gamut. We take a look at the threat and find out what the U.S. government, private organizations and others are doing to address the problem.

May 9, 2013

eSymposium: Advanced monitoring and forensics

Network monitoring and analysis is a critical component to any robust security program. However, there are ways to make this area of your plan even stronger. Not only are their newer solutions to consider, but there are steps that both vendors and their end-users are taking to better integrate solutions like data leakage prevention and more with networking monitoring solutions. We look at some of the most recent developments and discuss what organizations can do to get a better handle on what's happening on their networks.

May 21, 2013

eSymposium: Privacy & security

Security and privacy go hand-in-hand. Yet, there are obvious problems with IT security programs given that despite their implementations, customers' private information still is getting breached and exposed. We look at what companies might be missing and find ways to tighten up security and privacy programs.

June 4, 2013

eSymposium: ID management

End-user authentication and access is a critical component to keeping critical data secure. Not only do such practices and solutions help to reduce insider threats, but they also can better safeguard cloud-based applications, critical databases and more. We explore the ins and outs of ID management, its various applications and the many hiccups that can arise around its management.

June 25, 2013

eConference: Auditing and compliance

Getting into compliance with government and industry regulations should go beyond just a tick in the box. Indeed, efforts associated with auditing should be a direct reflection and in support of a corporate IT security program. After all, while being compliant doesn't equate to being secure, being secure can mean being compliant. We explore.

July 11, 2013

eSymposium: Supply chain vulnerabilities

News about supply chain vulnerabilities hit hard late last year when the U.S. Congress accused some China-based companies of actively embedding backdoors and other malware in the products they sell to companies and government agencies in the state. Huawei and Zei, the accused, however, have come out with an international campaign to note just the opposite. We look at these companies, incidents that have arisen because of supply chain vulnerabilities and steps you can implement to avoid becoming victimized by these.

July 23, 2013

eConference: Securing the cloud

Cloud service providers are far from making security a standard practice. Most of their customers still rely on their SLAs in hopes of covering some of the risks use of their cloud-based applications can present. As well, they deploy encryption, use authentication and more to help secure these. Yet, problems still exist. We review the most current and find out what some organizations are doing to address them.

August 6, 2013

eSymposium: SIEM

Security information and event management (SIEM) systems are a critical part of any organization's defense. By correlating and giving meaning to data from any number of tools -- from intrusion detection systems and firewalls to web logs or flow data -- SIEMs allow security teams to understand what's happening on their networks. However, they can be difficult to deploy and sometimes even harder to make work. We explore just how some companies find help from SIEMs and what organizations be mindful of as they look to deploy these.

August 22, 2013

eSymposium: Social networking security

With social networking a part of everyday business, companies readily have embraced there Tweets and Facebook updates to reach out to customers and others. But, the malware and social engineering attacks that cyber criminals also have introduced on these sites still prove effective. We review what organizations are missing when it comes to the privacy and security issues regarding the use of social media and find out what they can do to better their approaches.

September 24, 2013

eConference: Data security

With IT infrastructures proving less centralized these days, so is their critical data. What are organizations doing, then, to make sure the most important data they trade in is protected from cyber criminals taking advantage of the myriad vulnerabilities introduced by ever-widening, mobile and decentralized environments?

October 24, 2013

eSymposium: Advanced persistent threats

Cyber criminals enlisting APTs are of a different ilk. Often patient and much more technically advanced, they infiltrate networks and surreptitiously steal critical data bit by bit, day by day, month by month. If a company reacts to hastily after discovering them, they can quickly modify the coding on which their attacks are based and become well-hidden once again. Some companies are getting a handle on these attackers and their methods. We look to them to help us better equip other security teams to address these threats.

November 14, 2013

eSymposium: Vulnerability management

Vulnerabilities are the number one way cyber thieves infiltrate networks to launch any number of attacks. Organizations, though, still don't have a strong vulnerability management program in place often because its scope is so far-reaching and complex. We find out from experts some suggestions for remedying this conundrum step by small step.