February 01, 2007

Debate

By

Tracy Hulver, vp, product management and marketing, netForensics, and Mike Rothman, president and principal analyst, Security Incite

February 1, 2007

Is security information management crucial in making sense of event data?

Features

2 minutes on…Hackers hit Patch Tuesday

By

Ericka Chickowski

February 1, 2007

Now that security pros are comfortable with Microsoft’s monthly patching cycle, so too are the malware writers. The bad guys have learned that by putting out zero-day exploits close to Patch Tuesday, Microsoft cannot respond until the following month.

Security News

Company news

February 1, 2007

Here are the latest corporate happenings in the IT security industry:

Opinions

Me and my job

By

Bob Wilcox, CISO, FiServ

February 1, 2007

Bob Wilcox, CISO at FiServ, talks about his job – and his likes and gripes.

Opinions

A look at Web 2.0 security

By

Dan Hubbard, vice president, security research, Websense

February 1, 2007

Once again functionality has trumped security. Rapid deployment and development of Web 2.0 has left security as an afterthought. While that might sound somewhat gloomy, the core technologies and architecture that make up what is considered Web 2.0, including Real Simple Syndication (RSS), mashups, AJAX and more, are gaining popularity at such a rapid rate that the security risks are growing as well.

Opinions

In an age of professionalism

By

David Lynas, enterprise security architect

February 1, 2007

Like thousands of practitioners in our field, I refer to myself as an information security professional. But what does this really mean in terms of my status, professionalism and trustworthiness?

Opinions

Who has authority to accept risk?

By

Dave Tyson, CSO, City of Vancouver

February 1, 2007

A question recently came up that left me wondering about organizational authority to accept risk or, more specifically, enterprise security risks. One of the less defined aspects of this important area I find in organizations is who in the organization has the ability to accept risk, and to what level. Very few organizations have defined threshold levels that classify the risks that individuals can and cannot accept on behalf of the organization. This can become important when you consider the decisions that staff, managers, directors and senior management make on a daily basis when there are no defined boundaries for risk acceptance.

Opinions

Got something to say?

February 1, 2007

SC Magazine is always happy to hear from readers. Send comments, praise or criticisms to [email protected]

Features

Be prepared when the court calls

By

Alison Gunnels

February 1, 2007

Once upon a time, an employer asked me to sort through the office of a departing technical director for anything the security team wanted to save. Imagine my surprise when, within the printouts of technical specifications, I uncovered a dusty, haphazard stack of subpoenas. My startled query, “Were these ever answered?” was met with uneasy shrugs by the other security staff, managers, and operations directors.

Print Issue: February 01, 2007

Debate

2 minutes on…Hackers hit Patch Tuesday

Company news

Me and my job

A look at Web 2.0 security

In an age of professionalism

Who has authority to accept risk?

Got something to say?

Be prepared when the court calls

MOST POPULAR

The new cybersecurity resilience