| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Awareness Program
|
|
Case Studies
|
|
Why MSS? Managed Security Services is still in its growing stages at this time and there is only a handful of companies offering this expertise. Aventail, Counterpane Internet Security, Fishnet Security, Guardent, ISS (Internet Security Systems), NetSec, Riptech, and TruSecure offer this service. According to Infonetics Research, “Western European security products, managed security providers, and PKI products and service expenditures will grow 413 percent, from $1.5 billion to $7.7 billion, between 2001 and 2005. The report comes directly from Infonetics Research and entitled “User Plans for Security Products and Services, Europe 2001”and states that estimated expenditure on all products and services will grow 328 percent and from $5.3 billion to $22.7 billion. That being said, MSS needs to be re-considered and re-evaluated by all companies on-line, so the cliché, “pay now or pay later” does become a reality and a way of doing business.
04/17/2004
|
|
Security Outsourcing The Internet has become an integral means of doing business over the past few years, making information one of the most valuable assets companies possess. As a result, companies are now forced to find ways to secure that asset. There are three ways to accomplish the security of the company's assets. The company can perform all tasks inhouse, hire an outside company or companies to perform all security related tasks, which is outsourcing, or some combination of the two. The primary focus of this paper is outsourcing security services and therefore most of the discussion will reflect that, though some mention of the other two options will be put forth. Outsourcing can be simply defined as an arrangement in which one company provides services for another company. These services are ones which typically could be handled in-house, but which are for various reasons turned over to another company or companies.
04/17/2004
|
|
Mixing Technology and Business: The Roles and Responsibilities of the Chief Information Security Officer With the rise of the Chief Information Security Officer to the executive level, organizations that previously relied on information technology department personnel for security now have an individual dedicated solely to the physical and technical aspects of security for an organization. This research paper describes the roles and responsibilities of the Chief Information Security Officer and the importance of these roles and responsibilities to public and private organizations worldwide. In addition, this paper explains the return on investment and the importance and how it relates to the Chief Information Security Officer.
04/14/2004
|
|
Pockets of Chaos: Management Theory for the Process of Computer Security Managing Chaos is the ultimate paradox Understanding how to balance the opposing forces of flexibility and consistency is the key to managing the ever-changing security landscape. Computer Security is a journey not a destination. We strive to reach the goal of being secure, knowing that we will not ever succeed. The Information Security Professional is responsible to continually evaluate the security process ensuring the best results possible with the available resources. Just as no security process is complete without user education and involvement, so to should every security staff member have a big picture understanding of the overall goal. For society to embrace the evolutionary possibilities of the Information Revolution, we have to find a way to manage the dangers inherent in this new world order. Protect, Detect and Respond.
04/14/2004
|
|
Ways To Become An Effective Information Security Professional - From A GIAC Wannabe Perspectives This paper will examine the requirements to become an effective Information Security Officer. At the end of this paper, one will realize that achieving Information Security proficiency and maintenance of the expertise will be a daunting task. As the saying goes; ‘Learning is lifelong for Information security Professionals’. The motivating factor of me choosing this topic is the realization that people is the most important factor in Information Security. SANS clearly indicated: “Assign untrained people to maintain security and provide neither the training not the time to make it possible to do the job” as the # 1 management error that lead to computer security vulnerability.
04/14/2004
|
|
Seven Top Management Errors that Lead to Computer Security Vulnerabilities The 7 Top Management Errors that Lead to Computer Security Vulnerabilities
04/14/2004
|
|
Mistakes People Make that Lead to Security Breaches Technological holes account for a great number of the successful break-ins, but people do their share, as well. Here are the SANS Institute's lists of silly things people do that enable attackers to succeed.
04/14/2004
|
|
Distributed Security Management for the Enterprise Managed security is the next step in the lifecycle of the network security industy. The information flow within an infrastructure today is unmanageable. Information comes from so many different sources and in such large quantities that identifying a potential security risk in real time is near impossible. The focus of this paper is on managed security, specifically one product that has been on the market for almost a year, Spectrum Security Manager. There has not been much mention of products like these in the SANS conferences that I have attended. It would be of great benefit for people in the security industry to know that there are some products that will actually help them with managing the piles of information they are forced to handle. I briefly describe the existing problem in the industry and then discuss the product, it’s architecture and how it is implemented.
04/03/2004
|
|
Security Considerations in the Merger / Acquisition Process Those who work for a firm that acquires other companies or have undergone a merger understand there are a multitude of issues to cover before the deal is done. However, once the deal has been closed, the push to get both businesses connected and integrated can be tremendous. This document will focus on the high-level security issues that if included in the due diligence process, can help facilitate integration of the companies involved. Before determining where security gaps are between the companies involved, an understanding of what the organization being acquired looks like is key, as well as knowing the basic strategy behind the purchase. Once the background and strategy is understood, the types of security concerns will be more easily determined and plans for addressing any gaps can be documented.
04/03/2004
|
|
Achieving Executive Buy-in: The Case For Security Not everyone thinks about security when they should. But with multi-user environments containing business critical data, security is a must. With all the great technology and the magnitude in which businesses and organizations of all sizes rely on information technology, they must also think clearly about security. In most environments network administrators or dedicated security staff have the responsibility of securing these dynamic infrastructures. That being said, many organizations often put security to the way side of higher priority projects or business objectives. This paper conveys a real world approach to selling security to upper management and creating a foundation to build security upon. In order to have a secure infrastructure one must be persistent and creative in making the executives aware of the necessity of having security processes, procedures and standards in place to prevent the organization from feeling the effects of a security breach.
03/28/2004
|
|
Page: 1234 5 67 |
