November 2014 Issue of SCMagazine

November 2014 Issue of SCMagazine

From grappling with the Internet of Things to inside look at the security side of Apple's latest technology, our latest issue sheds light on some of the most prominent topics in the industry.

Editorial

Finding the right structure

Some experts contend that a reason for the seeming decline in IT security spend is that it is now becoming a pervasive part of everyday ...

Update

Debate: Should you pay a cyber ransom?

Industry experts debate whether organizations should or should not pay a cyber ransom to miscreants.

Company news: Big moves at Veracode, Malwarebytes and CipherCloud

The latest news in the security field, including personnel moves and mergers and acquisitions.

News briefs: The latest on JPMorgan Chase, the Mozart malware and more

The latest security news, including JPMorgan Chase, Bash bug, new POS malware Mozart and more.

Threat of the month

Threat of the month: Bash bug/Shellshock

Threat of the month: Bash bug/Shellshock

2 minutes on

Another day, another data breach

Tracking down threat actors is no easy feat, and requires an immense amount of research and collaboration.

Skills in Demand

Skills in demand: Biometric security, account executive

Good news for those industry pros that specialize in biometric security...you're in demand.

Me and my job

Me and my job: Marisa Fagan, director of crowd operations, Bugcrowd

This month, we get to know Marisa Faga, Bugcrowd's director of crowd operations.

Opinion

Selling Snowden-style access: Inside threat

Edward Snowden has the same broad access and privileges that many employees in similar positions have at almost every business.

Will cyber threaten mobile?

As mobile devices are further integrated into networks, organizations will have a critical need to implement end-to-end security solutions.

The elephant in the room

Bring the insider issue into the light and focus on culture change, says PSCU's Gene Fredriksen.

Hackers are after your app

Modern mobile hacks are diverse and can be performed by anyone, from an inexperienced amateur to highly skilled teams operating like tech startups.

CSO's desk

Getting executives on board

Successful CISOs need to master more than system security to make their companies competitive and improve their own job security.

Features

A balancing act: Apple technology

Apple's iPhone 6 and iOS 8 offer encryption for mobile users, but a focus on consumers can create security conundrums, reports Lee Sustar.

Acting out: Cyber simulation exercises

Simulation exercises show how companies should respond under a cyberattack, says HHS's Sara Hall. Teri Robinson reports.

Network care: Case study

When a care provider supplied laptops to its roving employees, it added a security solution to enable efficient collaboration. Greg Masters reports.

Upping the ante: PCI Security Standard

The latest iteration of the PCI Security Standard calls for moving beyond simply meeting compliance mandates, reports Jim Romeo.

Safe tether: Wearables

Wearable devices efficiently monitor user activity, but also open new targets for malware authors, reports Alan Earls.

Product opener

In November, addressing difficult challenges

This month we look at application security, particularly databases and we have a real treat for you with two emerging product groups.

Group Tests

RiskIQ Platform

Threat protection centered outside the firewall.

RSA Web Threat Detection

Detects anomalous behavior on websites.

IBM Security Trusteer Pinpoint Criminal Detection

Account takeover detection and prevention.

White Ops Advanced

Provides evidence-based bot and malware detection with high certainty, in real-time, on any browser-based web request.

Group Test 1

Barracuda Web Application Firewall Model 660

The Barracuda Web Application Firewall is a hardware-based device which is used to monitor, assess and remediate web-based application vulnerabilities.

Fortinet FortiDB 1000D

The FortiDB 1000D is a hardware appliance that monitors, audits and identifies vulnerabilities in databases. There are three deployment options: network sniffer, native audit and ...

Group Test 2

Identity Finder Sensitive Data Manager

Sensitive Data Manager ties discovery to business issues making classification easier and more relevant.

CA Data Classification

This is a clean product with a well thought-out goal and a well-executed solution. It is part of the overall CA suite of access control ...

Boldon James Classifier

Allows users to apply relevant visual and metadata labels.

TITUS Classification Suite

Provides classification for data, largely in a Microsoft environment, plus mobile environments.

Last Word

Privacy and the Internet of Things

With parameters, new tech can help your business, says McAfee's Jonathan Fox and Tyson Macaulay.