Case Studies
Retain Control of Security (Even in the Wake of an IT Outsource)
Outsourcing Information Technology (IT) was once thought to be an exception; now it is considered the norm. Many enterprises would rather move away from the expensive and complex tasks of IT systems management to focus on what they are expected to be good at: managing the core business. Enterprises expect that the contracted IT specialist company will have more experience in dealing with the ever-changing IT industry; will be able to specify more suitable solutions for the enterprise, especially as IT products and platforms become more and more complex; and will do so more efficiently and cheaply than the enterprise could itself. Many business-critical applications operate on IT systems that are outsourced, and the security of these systems is often paramount to the successful running of the enterprise. How can the enterprise evaluate the security posture of outsourced IT?
03/28/2004

Centralized Network Security Management: Combining Defense in Depth with Manageable Security
Centralized network security management is the practice of funneling the vast amount of security-related data from the various sources in the network through a centralized process and centralized personnel. This ensures a comprehensive view of the network's security status and promotes good communication and redundancy in analysis. It also provides comprehensive, real-time awareness of network security by integrating all of the tools and the knowledge base that come from implementing defense-in-depth practices. With a few careful considerations for data redundancy and archival, centralized network security management can take advantage of the full power and potential of defense in depth and a hardened security posture.
03/26/2004

An Introduction to Security Manual
This manual is an effort to assist law enforcement agencies and other computer crime investigators by providing a resource guide compiled from the vast pool of information on the Internet. This manual is not intended to replace any formal training or education. It should be used as a supplemental reference guide. It was not my intention to compile this manual to provide a specific solution for investigators. It was intended to provide a general overview, which would assist in developing a solution. This solution does not have to be hardware- or software-based. Today policy-based protection can also be incorporated into hardware and software systems.
03/24/2004

A Guide to Security Metrics
If increased security funding does indeed become a trend, this will obviously be welcomed by security managers, and it gives reason to hope that greater progress in addressing the threat of security breaches will follow. As with most concerns that achieve high-priority status with executives, however, computer security will become a focal point not only for investment but also for scrutiny of the return on that investment. Security managers will, more than ever before, be held accountable for demonstrating the effectiveness of their security programs and the value of those programs to the organization. What means will managers use to meet this challenge? Some experts believe that key among these should be security metrics. This guide provides a definition of security metrics, explains their value, discusses the difficulties in generating them, and suggests a methodology for building a security metrics program.
03/24/2004

Implementing an Effective IT Security Program
The purpose of this paper is to take the wide variety of federal government laws, regulations, and guidance, combined with industry best practices, and define the essential elements of an effective IT security program. An effective program includes many elements, and the task seems impossible as you begin reading the literally thousands of pages of security documentation published by the National Institute of Standards and Technology (NIST), the Office of Management and Budget (OMB), the National Security Agency (NSA), and the General Accounting Office (GAO), just to name a few. This paper highlights the important elements in a short, easy-to-read guide. It is not intended to identify every security program element in detail, but it should give the reader a good basis for implementing an effective security program.
03/24/2004

Information Classification: Who, Why, and How?
This paper clarifies who should be determining appropriate company protection needs. It also demonstrates why information classification is a necessary, efficient and effective means of conveying business-driven information protection requirements. Last, it offers a method for classifying information, intended to move readers from accepting that their company should implement a data classification system to recognizing that it can.
03/24/2004

Security Program Management and Risk
Information security should be managed as a program that requires the same degree of attention and responsibility as other resourced programs within an organization. This paper argues for building a security management program on a foundation of business risk assessment and risk management. It defines and explains risk, risk assessment and risk management, and relates business risk management to security risk management. A synopsis of the steps in risk management and guidance on the key components for effectively implementing a security risk management program in an enterprise are provided. The reader should come away with a fuller understanding of the best practices associated with risk assessment and risk management, and be able to use risk analysis to communicate with business process owners in terms of the risks to confidentiality, integrity, and availability in their areas of concern.
03/24/2004

Web Application Security for Managers
As a manager, part of your job is to plan and prioritize tasks and to control the work done. To plan and prioritize tasks, you need a global overview of all issues. To control the work done, you need a basic understanding of the subject. The first part of the article aims to convince the reader that web application security matters. This may not be obvious to all managers; they sometimes believe that a firewall and the use of the SSL protocol are enough to secure a web application. The second part of the article surveys some of the potential problems and discusses solutions. We look at issues such as data manipulation, input validation, SQL query poisoning, session hijacking, and others. The article ends with a summary of the recommendations.
03/24/2004

The Questions of Web Pornography: Balancing Security and Privacy
Unless you're exceptionally lucky, at some point in your career as an information technology (IT) security specialist a client will ask you to deal with pornography in some manner. This could be a request to implement Internet browsing filters, to investigate a user suspected of downloading adult material, or to craft a policy protecting the client organization from litigation involving obscene exposure (so to speak). Familiarization with the dilemmas inherent in such activity is advised, yet somewhat difficult.
03/23/2004

Ghosts in the Machine: The Who, Why, and How of Attacks on Information Security
Information security is the field devoted to maintaining the confidentiality, integrity and availability of information [Harris]. Organizations from small home offices to multinational conglomerates have information that needs to be protected, not to mention the secrecy needs of nations and the bureaucracies that govern them. Billions of dollars are spent every year to provide the needed security. But who are we protecting ourselves against? What is the threat we face? Why are we being attacked? How can we use this knowledge to protect ourselves?
02/18/2004