| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Government
|
|
Home Office
|
|
Small Business
|
|
End-users - A Critical Link in the Chain of Security Establishing the security of Information System (IS) resources is an important and major undertaking in any organization. End-users have a very important role in the chain of establishing and maintaining that security. No reliable security policy or procedure can be implemented without taking end-users into consideration.
By Dana Brigham, 03/26/2004
|
|
Security in Practice- Reducing the Effort Information security is known to be at least important, if not critical, to most business and personal needs. This paper covers the ten most vital steps in attempting to achieve a good base level of security, which can then be built upon. The focus of these is on reducing the effort in order to ensure they are completed to at least a minimum degree. The intended target audience is Network/Systems/Security administrators who need a reference guide on the fundamental steps in securing a network, why each step is important, and how to reduce the effort whilst doing it.
By Leon Pholi, 03/26/2004
|
|
Implementing Least Privilege at your Enterprise Enterprise security involves people, process and technology. The principle of least privilege can and should be applied to all of those areas An expansion of the topic of "least privilege" has some importance because, those responsible for information security, have had some past difficulty explaining it or gaining acceptance for this important principle. It is often referenced and occasionally supported with a brief definition, but rarely is the principle supported with any significant examples or rationale. It is a principle that touches many aspects of the organization or enterprise, and since it is not really well explained or understood it is difficult to achieve acceptance. This paper will provide some background, offer some rationale to help develop support for it's acceptance, and identify ways it can be implemented at your enterprise.
By Jeff Langford, 03/26/2004
|
|
8 Simple Rules For Securing Your Internal Network Many companies seem to focus a great amount of attention and funds on securing the perimeter of their network while forgetting that their most valuable assets are actually inside. The current focus on perimeter security can make it very hard for an attacker to get inside; however, once inside, they can roll with abandon with very little chance of getting caught. This paper will focus on eight areas that a company can look at to make their internal network just as hard and crunchy on the inside as on the outside.
By Douglas Ford, 03/26/2004
|
|
Over Your Shoulder: The Debate Over Internet and E-mail Surveillance in the Workplace One aspect of the Internet that has been a continual source of lively debate is the crackdown of employers on the use of web-surfing and e-mail applications in the workplace. This has caused much concern for civil libertarians and privacy mavens who strongly believe that surveillance of workplace Internet activities constitutes an intrusion on the democratic freedoms of employees and, as such, necessarily detracts from the benefits of living in such a democratic society.
By Ben Malisow , 03/24/2004
|
|
Personal Interface: The Relationship Between Users and Security Personnel in the Modern Environment There are almost no companies in the country that can continue to dispute the need for information security; the recent spate of DDOS attacks proved that size, sophistication, and skill can only attenuate risks- not eliminate them. As information security professionals and departments begin to take their places among senior management and trusted executive ranks of companies, a new dynamic has evolved, an "Us Vs. Them" motif unlikely to change any time soon.
By Ben Malisow , 03/24/2004
|
|
Never Worry About Security There are wide differences between perceptions, reality and just getting the job done. To most, security is either an obstacle to job performance or nothing to worry about at all. The reality is usually somewhere in the middle, and certainly not nothing to worry about at all. That is, unless you want Alfred E. Newman from Mad Magazine fame as your security director, with his famous quote "What me, worry?" Getting the job done is at the heart of the effort. A small group of people assigned to security work cannot do everything in any organization. Within small organizations, relying on one person for various tasks becomes a problem when that person takes a vacation or is out sick. Depending on the duration, their tasks are not done or completed by someone else on a temporary basis.
By John D. Johnson , 03/24/2004
|
|
Over Your Shoulder: Why Your Employer is Entitled to Watch You One of the reasons the Internet continually been a subject of lively debate is the crackdown of employers on the use of web-surfing and e-mail applications in the workplace. This has caused no little travail for civil libertarians and privacy mavens who strongly believe that too much intrusion on the freedoms of a democratic society necessarily detracts from the benefits of living in such a culture. Their rationale is rather simple and straightforward: American taxpayers paid for the development and construction of the information superhighway, supports the market environment where such it (along with the many companies that profit from it) can flourish, and continues to pay for the privilege of utilizing it, they should therefore be entitled to flit about on it whenever and however they please, without pesky state troopers and private rent-a-cops abrogating that right.
By Ben Malisow , 03/24/2004
|
|
Preventing the fraudulent use of Internet DSL accesses by dial-up accounts: a network authentication issue. This document will first describe such a scenario to put the following descriptions into context. Then we will look at the details of a typical deployment between DSL providers and ISPs in order to highlight the areas of vulnerability of the model. Finally we will suggest an approach to prevent this type of fraud with some other elements that could lead to tailored solutions for the ISPs: as the next sections will demonstrate, a unique overall solution is most unlikely given the number of ways each ISP could deploy its services.
By Bruno Germain, 03/24/2004
|
|
Information System Security Evaluation Team Security Insurance? Information systems are becoming more complex and ubiquitous. Consequently, the opportunities for compromise increase. Networks once found only in relatively large offices are now found in the smallest of offices. These networks are typically connected to the Internet through Wide Area Networks (WAN). This poses a problem for maintaining a high degree of security in these systems especially where an organization is split into many smaller entities whether dispersed geographically or located in one building. This document proposes an idea that can help these organizations establish and maintain a relatively high degree of security and reduce the risk of disruption of business operations. I will call it the Information Systems Security Evaluation Team or ISSET in keeping with today's need for acronyms.
By Bruce Swartz, 03/24/2004
|
|
Page: 123456 7 8910 |
