Security-What Does
A large part of the technology industry is concerned with information security and trustworthy computing, and the purpose of this paper is to determine how the infrastructure and relationship between trust and security has evolved in technology. The growth of the internet and its underlying technology and applications give all of us greater functionality. Identity theft and other vulnerabilities have been exploited in the past and continue in the present, and despite greater technology, will be here in the future. While we strive to minimize the risk we face in protecting our security, in the form of Confidentiality-Integrity-Availability, we will see what Trust has to do with it.
By Ken Lange, 03/28/2004
Information Assurance at the PC Level
This paper contemplates a bottom-up approach to information security, where attention is given to information assurance at the PC level initially, rather than as an afterthought. Information assurance for an individual PC is examined within the context of threat vectors, with an emphasis on risk mitigation and how to achieve it. Basic security measures are enumerated for each threat vector with a "how to" approach.
By Carlton Bowen, 03/28/2004
How to Identify and “Contain” Some of the Information Security Problems Created by Unique Business Environments
A university setting will be used to illustrate this idea, that an organization is characterized by its business environment. Several aspects of the university's business environment are unique only to universities. One such aspect to be explored in detail is the effect of the student user group within the environment and the problems they can create for information security initiatives. In order to contain the problems within this environment, an analysis of the student user is necessary. What qualifies an individual to write on this subject? In my case, experience is my primary qualification. I've spent the last five and a half years in the same university environment. The first four years, as a business school undergraduate student, I did almost everything imaginable to make information security workers cringe.
By John Cupps, 03/28/2004
Case Study in Developing Fault Tolerant and Highly Available Systems with Secure Zones of Protection
Process Control is the part of a company that controls the critical processes that company operations are dependent upon. It is part of the critical infrastructure of the company and the clients that it serves. Various parameters, status and measured values are constantly queried via Supervisory Control and Data Acquisition (SCADA) to control the process. Legacy mainframe systems that housed the Process Control System (PCS) became too cumbersome and expensive to maintain, prompting the move to a distributed 24X7 architecture. The distribution of process control, monitoring and alerting functions to various Unix and Windows servers via network connected devices forced us to realize that we were no longer isolated from the "world" and that securing our networks became objective number one. This paper will discuss the processes and actions taken to provide 24X7 fault tolerant and highly available systems with physical as well as cyber security in the forefront.
By Unknown, 03/28/2004
Pre-Development Security Planning
Security should be considered from the onset of any development project. There are several crucial steps that project developers and project managers can take before code development begins that can significantly improve the entire development cycle and avoid potential security pitfalls that would otherwise arise. This document will outline the basic steps that should be completed before code development begins to ensure delivery of a successful project.
By Keith Marohn, 03/26/2004
System Administrator - Security Best Practices
System Administrators are the people responsible for making computers work in the field. They are also responsible for the uninterrupted operation of the computers to take care of the business needs. A System Administrator's knowledge of system security loopholes and their implications for the business they are managing is a good asset to any Enterprise/Company. By following simple practices during their administrative functions, they can build secure systems. These also help in reporting security incidents at an early stage and taking corrective measures. Some of the best practices are discussed here, without getting into specifics of any particular operating system or version.
By Harish Setty, 03/26/2004
Who Wants To Be A Weakest Link?
This paper emphasizes the need to convey good security practices throughout an organization, because the "weakest link" can be located anywhere along a company's "chain." Possible weak links are discussed and an attempt is made to explain the need for preemptive education via "what-ifs." An assumption is made that employees are interested in keeping their jobs. The main "what-if" has to do with the loss (or downgrade) of positions held by the company's security weakest links. Another "what-if" involves the possible loss of the all-important dollar. It can, unfortunately, be concluded that no matter how hard security experts within a company try, they cannot fix all the weak links in a chain, but continued multi-directed efforts must be maintained to strengthen them as much as possible.
By Russell T. Hany, 03/26/2004
A Survival Guide for Security Professionals
According to Northcutt, "System, Network, and Security administrators all over the world are starting to feel the effects of burnout" (1). This survival guide aims to assist security professionals to balance the responsibilities and requirements of their role to avoid stress and burnout. Security professionals are having to undertake even broader responsibilities in an increasingly demanding environment. To minimize the risk of burnout, security professionals must understand the latest technical, legal, and business trends and their implications, and they need to understand stress and how it can be managed. Ultimately, achieving success and fulfillment in the profession depends upon meeting minimum standards, setting goals for yourself and attaining certification, leveraging the benefits of the security community, and adhering to a code of professional ethics.
By Conrad Morgan, 03/26/2004
Securing Our Critical Infrastructures
In the wake of the September 11, 2001 attack on the United States, infrastructure security has become the top priority of our government and many commercial organizations. All aspects of our society today are heavily interdependent upon a vast array of Information Technology (IT). This technology is a core component of our national defense and economic prosperity, and touches our everyday life. The most critical infrastructures include banking and finance, telecommunications, energy (gas and electric), transportation, emergency services, and essential government services.
By Chris A. Brooks, 03/26/2004
The Internal Threat to Security Or Users Can Really Mess Things Up
On one hand, the media is replete with reports of hackers exploiting various weaknesses in order to gain access to a network and the data it houses. Most, if not all, network administrators and engineers secure their intranets against outsiders these days. On the other hand, many administrators and engineers don't do the same thorough job of securing network resources against the people in the best position to do the most damage to a network, the legitimate users of the network. This paper will outline some of the threats posed by the "insider" and safeguards against these threats. The following paragraphs describe some of the security measures you can implement which will help ensure the availability of your network despite the users' actions. These chapters are broken into several categories, which are: data input security, basic security controls, session security, Internet security, physical security, desktop security, data security, and malicious activity.
By Charles Rhodes, 03/26/2004