Awareness Program
|
|
Case Studies
|
|
Got Cyber Insurance? Thanks to a crippling series of computer attacks in 1998, Seattle-based Viznet Inc., an online merchant exchange network service provider once valued at $1 million, is now selling off its customer lists for $50,000. The worst damage occurred when the attacker spammed Viznet's 90 merchant customers, claiming Viznet was a cover for a pedophile ring. The attacker, a former programmer at the company, knew that the wife of owner/operator Jim Vizner owned a day care center.
By Deborah Radcliff, 04/22/2004
|
|
Privacy: A Study of Attitudes and Behaviors in US, UK and EU Information Security Professionals As technology continues to modify the ways in which information of all types is stored, analyzed and exchanged, concerns related to privacy are growing. At the same time, the very concept of privacy is highly subjective, varying culturally as well as organizationally. In this presentation some of the cultural and organizational aspects of privacy will be examined, and some Internet-related threats to privacy discussed. Then, new survey data from our study of user behavior and technical facilitators of privacy will be presented. The study focuses on users’ attitudes toward privacy and their responses to some globally applicable privacy-related threats. The data show some unexpected results, which will be interpreted by application of several well-known psychological models to the user behavior. Finally, the need for further work in the field is highlighted, and suggestions for further research provided.
By Sarah Gordon, 04/22/2004
|
|
Modeling the Silicon Curtain This paper will present the available range of modeling and simulation capabilities in Information Assurance. It will also establish some principles for extending these capabilities into the community. It will do this by establishing a case for utilizing more simulation in our discipline, reviewing past modeling & simulation efforts within Information security, reviewing the traditional types of modeling and simulation methodologies, addressing capability and experiences in computer modeling within other areas such as telecomm and economics, and providing a framework for future computer based modeling and simulation efforts in Information security.
By John H. Saunders, 04/20/2004
|
|
Selling Security To Management As with all problems of this nature, this problem is the result of a failure to communicate with management. While I realize this is not your typical topic for a SANS discussion, it is important to our credibility as professionals because, if we cannot effectively communicate with those who control our success, then we will continue to be relegated to our present role in the organization. The better we are able to communicate our issues to management, the more likely it will be that management will respond positively to our issues. This document will help you understand how to create presentations that will engage management and will discuss the common presentation pitfalls that befall technology people.
By Jeff Hall, 04/18/2004
|
|
Corporate Security Summary Template This Word template can be used to give management an overview of an organization's security posture. It covers the top risks as well as mitigations for them, ongoing security-related projects, and other general security metrics.
By Jason Burzenski, 04/18/2004
|
|
A Security Guide For Acquiring Outsourced Service Outsourcing is not an abdication of the organization's security responsibilities to an external contracting vendor. While leveraging on the economies of scale and technical expertise of the supplier, the organization needs to make sure that the outsourced IT project or service does not introduce security problems or vulnerabilities to the already-functioning internal systems, business processes and operations. This guide is an attempt to collate all security requirements relating to outsourcing, which organizations seeking outsourcing should actively look into.
04/17/2004
|
|
Requirements For Managing Security Information Overload To address the Enterprise Security Information Management (ESIM) problem, a number of emerging solutions have been developed. Each of these solutions has different strengths and features. Before an enterprise adopts a particular solution, it is important to have a complete understanding of their specific requirements and priority. This paper discusses the important criteria in developing an information management solution. These requirements can be used as a guideline for comprehensive evaluation of various solutions.
04/17/2004
|
|
Extranet Access Management (EAM) As businesses develop Internet applications they are increasing their exposure to external security vulnerabilities from the Internet. In many companies the security of web applications is the responsibility of each application development team. Today, every new web-based application potentially brings a new and different way to manage application access. Because each application team must develop and implement its own security processes, the quality of security varies with each application development team. Often there is not a common way to monitor application development security for consistency or an effective method for administering security for heterogeneous operating systems that run the applications.
04/17/2004
|
|
Web Services Security - An Overview Many information technology visionaries say that the Internet is primed for the next phase of its evolution. The first phase, the physical infrastructure build out, has been completed, and it is now time to make use of the new communications and processing capacity to produce value. One strategy used to improve productivity is to increase the speed and quality of information flow. Another strategy is to make it easier for producers and consumers of information to locate each other and exchange value. One tactic that will be used to facilitate these exchanges is the adoption of a new approach to application construction known as “web services”. An example of a web service is the stock price-updating feature in the Quicken personal finance software package. When the user requests a price update the software queries servers provided by Intuit, Quicken’s maker, and they return current prices for the stock symbols the user is interested in.
04/17/2004
|
|
Successfully Managing Cyber Security Managing a cyber security program involves physically protecting your company’s investment in computer hardware, ensuring system availability, verifying information integrity, and securing confidential information. Implementing a comprehensive verifiable program is challenging. A new Computer Security Manager should address priorities in order: learn the basics; implement policies and plans through effective management; and work diligently to publicize security practices throughout the organization.
04/17/2004