Security Management

The state of SIEM

The technology is capable of providing all of the data organizations need for compliance, but managing the log activity to make sense of it can be a challenge.

NIST releases continuous monitoring guidance

The National Institute of Standards and Technology late last week published new guidance to help organizations develop and implement an information security continuous monitoring (ISCM) program. This initiative can help companies better provide ongoing awareness of threats and vulnerabilities, assess the effectiveness of deployed security controls and support risk management decisions, according to the 80-page guidance document. A mature ISCM program, which requires the use of both automated and manual processes, will enable companies to move from compliance-driven to data-driven risk management.

FISMA compliance to require monthly reports

Beginning in October, federal agencies will be required to report on their information security posture on a monthly basis, instead of annually.

ETSI releases identity management specifications

The European Telecommunications Standards Institute (ETSI), a nonprofit that produces standards for information and communications technologies, has completed a set of identity management specifications which outline how users can safely gain authorized access to data and services. The free specifications, which are aimed at network operators, internet service providers and systems designers, address access control issues related to third-parties and cloud environments. The specifications were created by ETSI's identity and access management for networks and services group, whose members include Nokia Siemens Networks, Alcatel Lucent, the University of Patras in Greece, and the University of Murcia in Spain.

Data breaches cost organizations $204 per record in 2009

A new Ponemon Institute study found that the number of data breaches caused by malicious attacks and botnets doubled last year, compared to 2008.

DHS secretary: Cybersecurity is shared burden

Cybersecurity is not the responsibility of one person or group since no one person is in charge of the internet, Department of Homeland Security Secretary Janet Napolitano said Tuesday.

GAO: NASA must fix cyber vulnerabilities

A new report from the Government Accountability Office found that NASA has multiple cybersecurity problems.

Microsoft disputes password-stealing SQL Server bug

Researchers at a security company say they have discovered a vulnerability in Microsoft's SQL Server, but the software giant disputes the claim.

US-CERT director resigns, plans to work for RSA

Another top cybersecurity leader has stepped down - news that comes in the wake of similar high-profile government resignations and a still-vacant federal cybersecurity coordinator post.

Malware served up thanks to solar eclipse

In a reprise of an old trick, cybercriminals are using SEO poisoning to attract victims to a rogue software site, according to Trend Micro.

Lack of cyber talent threatens national security

A serious shortage in people to fill federal cybersecurity posts threatens national security.

It's official: Microsoft to offer free anti-malware service

Next week, Microsoft will make available to consumers a new, free anti-malware service to replace its subscription model.

DHS appoints new director of National Cybersecurity Center

The U.S. Department of Homeland Security has appointed Philip Reitinger as the new director of the National Cybersecurity Center, a post left in March by Rod Beckstrom, DHS Secretary Janet Napolitano announced on Monday.

Hackers hit U.S. Army websites

A group of computer hackers based in Turkey breached the sites of two U.S. Army facilities, leveraging SQL injection attacks.

Trend Micro goes shopping for virtualization security

In one of its first major moves in acquiring virtual security technology firms, Trend Micro bought Third Brigade, a virtualization security and compliance software company based in Ottawa, Canada.

Policymakers debate White House's role in cybersecurity

Lawmakers and public policy experts clashed Tuesday over whether cybersecurity control should be taken away from the Department of Homeland Security (DHS) and placed under the White House's purview.

RSA: Build security into operations, says Symantec CEO

Just days into his new job, Symantec CEO Enrique Salem is calling for a colossal shift in the way vendors and end-users approach information security.

Survey finds that SMBs often lack basic security

Despite being aware of the importance of security, small-to-medium-size businesses (SMBs) generally are not protecting their networks, according to a survey released Thursday by Symantec.

SANS report shows security logs no longer "geek toys"

Organizations use security log data to a greater extent than ever before, according to the 2009 Annual Log Management Survey from the SANS Institute.

Survey: Financial crisis fuels identity theft fears

Most Americans believe the world financial crisis has increased their risk of identity theft or related crimes.

FTC site helps meeting "Red Flags Rule"

The FTC has established a how-to guide for coping with new requirements aimed at deterring identity theft.

Obama appoints federal CIO

President Obama has appointed the first-ever federal chief information officer.

Los Alamos computers go missing

At least 69 computers are missing from the Los Alamos National Laboratory, a national security research institution in New Mexico.

McAfee: Malware will use web and USB sticks to spread in 2009

McAfee predicts that in the upcoming year web-based malware and removable storage devices will be some of the biggest threats to businesses.

Case study: City of Miami Beach

Miami Beach needed to quickly identify threats, generate immediate notifications and quarantine infected computers.

Security issues continue at the IRS

Weaknesses remain in the Internal Revenue Service's computer systems that jeopardize the confidentiality of sensitive taxpayer information.

In cybersecurity, who is the weakest link?

Human error is the primary cause of information technology security breaches because, too often, individuals are given the option to bypass security processes.

SC World Congress: A budget crisis is a terrible thing to waste

Even faced with tough budget times, there is still an opportunity, says one CISO.

New free tool detects malware on networks

BotHunter was sponsored by the U.S. Army Research Office and is being used by the U.S. government and the Department of Defense.

Keylogger spyware ordered off the market

In a victory for privacy advocates, an Orlando, Fla.-based company has been ordered not to sell keylogger spyware.
