Threats to Enterprise Security
With attacks becoming more aggressive, faster, and multi-pronged, there is growing emphasis on consistent assessments, preventative measures, and security information management. No longer will an attack entail a single virus—often well-thought-out assaults are being implemented. Simultaneously, organizations are exposing more systems, effectively dissolving the boundaries between what have been considered internal and external threats. In addition, IT groups that need to find new ways to do more with less are discovering ways to reuse legacy mainframe infrastructure. This recycling has, in turn, exposed more IT resources—such as mainframes that until recently have been considered very secure—to the same challenges faced by distributed systems.
By Dan Sullivan, 04/18/2005

Keeping Data Private and Knowing It
So your databases contain sensitive data, and privacy safeguards are in place. But is someone looking at the data anyway? Could a password have gotten into the wrong hands? Or could an authorized user be accessing sensitive data from a remote location after hours? What if someone in the IT organization were to use a privileged username to read sensitive data? Would you know?
By Ken Richardson, 11/17/2004

Integrating Security into the Corporate Culture
This short paper analyzes why organizations should consider spending more time on developing a culture that is both aware and capable of responding to security-related risk and goes on to suggest ways in which this could be achieved. At a major security conference several years ago, I asked a group of security professionals to define risk in such a way that it could be understood by non-specialists and then to suggest different ways of reacting to risks once they had been identified. Interestingly enough, many of those present were able to come up with good examples of risks, but defining risk in practical terms as a concept turned out to be a difficult exercise, even for security professionals.
By Steve Purser, 10/06/2004

Data Piracy - The Threat from Within
Catching data thieves before it's too late
Databases are being stolen - Customer data, credit card data, taxpayer data - they're all vulnerable. Scary? Yes - but wait, there's more. It's not just "their" data that's vulnerable - it's ours too! "Oh, really?" Our first reaction may be skepticism. If so, we may be feeling safe because of our various security infrastructures. Numerous policies, procedures, and technologies may be in place to protect us. We may be spending continuous streams of cold, hard cash on security, so aren't we justified in feeling that our databases are reasonably safe?
By Ken Richardson, 09/30/2004

Protecting Road Warriors: Managing Security for Mobile Users (Part Two)
Part one of Protecting the Road Warriors focused on the virus protection and firewall/IDS/IPS layers of mobile security. Part two completes the discussion and presents ways of providing additional layers of defense to help protect the valuable, mobile data.
By Bob Rudis, 07/13/2004

Protecting Road Warriors: Managing Security for Mobile Users (Part One)
Managing security within the confines of an organization or enterprise is a difficult job. Worms, viruses, spam, malware, port scans and perimeter defense probes are constant threats. Servers and desktop systems require regular patching and monitoring, and IDS signatures and firewall rules are under constant review and tweaking. Thankfully, the desktops and servers sit well protected within the confines of your network. Imagine what it would be like if every user's system was located on your network perimeter and had none of the safeguards your multi-layered security systems provide.
By Bob Rudis, 07/13/2004

Securing Privacy Part Four: Internet Issues
This is the fourth and final installment in a series devoted to protecting users' privacy on the Internet. So far in this series, we've examined privacy issues concerning hardware, software, and e-mail. In this article, we will look more generally at our usage of the Internet. The Internet offers all of us unparalleled access to information, but it also brings with it unique threats to our privacy. This article will examine some of the ways you can protect yourself.
By Scott Granneman, 07/13/2004

Security Administration Solution or Why We Implemented An Identity Management/Account Provisioning Tool
Account provisioning is a fairly new buzzword. Account provisioning, also known as employee provisioning or EUA (enterprise-user administration), is one of the terms used to describe the creation, maintenance, and deletion of user accounts, password maintenance, and the administration of user access rights.
By Suzette Franklin, 07/08/2004

Role-Based Access Control: The NIST Solution
Role Based Access Control (RBAC) will allow for easier administration of today’s large and complex corporate environments without sacrificing the need for securing data and access to it.
By Hazen Weber, 07/08/2004

Event Correlation in Security
A recent security spending survey by Information Security Magazine indicates that deployment rates of many security technologies will soar in the next three years. All the above devices, whether aimed at prevention or detection, generate huge volumes of audit data. Firewalls and other devices logging network connection information are especially guilty of producing vast oceans of data. Many diverse data formats and representations are used for those log files and audit trails. Also, a percentage of events generated by network IDS and IPS are false alarms and do not map to real threats. To further confuse the issue, different devices might report on the same things happening on the network, but in a different way, with no apparent way of figuring the truth of their relationship.
By Anton Chuvakin, 05/21/2004