September 2013 Issue of SCMagazine

This month's issue includes features on incident response and application security, as well as a deep look at GRC in the industry today.


Horse trading 2.0: Information is a valued commodity

The power of information as a commodity only continues to deepen as it satisfies so many disparate needs and wants.


News briefs: The latest from Black Hat and DefCon, Verizon and more

News bits you may have missed from Black Hat and DefCon 2013, as well as other summarized highlights of major incidents taking place.

Company news: AVG Technologies' new CEO, Avery Security's acquisition, and more

News from AirTight Networks, Seculert, Hackett Security, MobileSpaces and others.

Threat of the month

Threat of the month: Android master key vulnerability

September's threat of the month is the Android master key vulnerability, which can bypass signature verification to gain full system-level access.

2 minutes on

Anonymity exposed: Privacy versus surveillance

Wiretapping, tailing and going undercover are not new investigative concepts, but revelations of the NSA's digital spying apparatus have revived the debate between privacy rights ...

Skills in Demand

Skills in demand: Incident response professionals

Companies that leverage the cloud have concerns over the security of their data. The migration has increased demand for incident response pros, including reverse engineers ...

Me and my job

Me and my job: Geoff Linnell, group CIO, Celerant Consulting

September's "Me and my job" features Geoff Linnell, group CIO for Celerant Consulting.


Debate: DefCon organizers should have discouraged feds from attending last month's event.

A number of experts weighed in on this month's debate concerning a statement from DefCon founder Jeff Moss that feds should stay away from DefCon.


No need for anti-phishing vigilantes

There are serious risks involved when dealing with phishers.

Biting the silver bullet: Protecting corporate assets

There are a few key things every business should consider to truly improve data security.

CSO's desk

Ready the troops: Global cyber warfare

We CISOs and CSOs are the generals in the global cyber war. If you haven't thought about your role in these terms, then you are ...


Dollars and sense: Application security

Though it is difficult to quantify ROI for security initiatives, investment in application security is logical for the enterprise, reports Jim Romeo.

At the ready: Incident response

Incident response has become a more complex art, says Rusty Agee, the city of Charlotte's security leader. Karen Epper Hoffman reports.

Higher calling: Case study

A U.K. college provides its "digital natives" with a secure environment that can be accessed anywhere from any device. Greg Masters reports.

Three's company: Governance, risk and compliance

The promise of governance, risk and compliance technology is alluring, but getting it to work effectively is a different story, reports Alan Earls.

Lowering the legal limit: Intimidation of innovators

There was a noticeable chill in the air at Black Hat and DefCon, due to recent action taken against security researchers, reports Dan Kaplan.

Canada reacts: Consequences of NSA revelations

How are the latest NSA spying revelations affecting Canadians' use of the internet? Danny Bradbury finds out.

Product opener

Your online life is an open book - maybe

This month's product section focuses on email security and management.

Group Test 1

Axway MailGate SC

The MailGate SC from Axway incorporates email security with safeguard collaboration functions.

Barracuda Spam & Virus Firewall (Model 400)

The Spam & Virus Firewall from Barracuda Networks provides solid inbound and outbound email security functionality through a feature-rich appliance.

Cisco Email Security

The Cisco Email Security virtual appliance offers a full set of inbound and outbound email security and control features.

EdgeWave ePrism Email Security

The ePrism Email Security appliance from EdgeWave offers email security features such as inbound and outbound content filtering and email policy enforcement, anti-spam and anti-virus.

F-Secure Protection Service for Email

The F-Secure Protection Service for Email is a fully hosted email security offering that can work in tandem with an already existing email server to ...

Fortinet FortiMail-200D

The FortiMail-200D from Fortinet bundles many email security features into an easy-to-manage appliance. It includes anti-virus, anti-spam, onboard identity-based encryption, and content filtering and ...

McAfee Email Protection

McAfee Email Protection offers full-scale email security and content management in a single appliance with flexible deployment options.

WatchGuard XCS 880

The XCS (Extensible Content Security) Appliance from WatchGuard provides solid email security and email content management in one easy-to-manage appliance.

Group Test 2

CA Technologies eComMinder with CA RiskMinder

This tool manages card-not-present (CNP) transactions.

RSA Silver Tail

This solution offers comprehensive protection for websites.

Trusteer Pinpoint Account Takeover Detection

This product provides account takeover protection.


This solution, part of our Emerging Products Group Test on online fraud, provides two-factor authentication in a consumer environment.

Last Word

Cover those blind spots: Establishing protocols that go beyond compliance

Robust enterprise security requires more than checking compliance boxes, says Diebold CSO Adam Williams.