Inside the Briefcase
This white paper will examine some of the challenges that modern organizations face in their efforts to develop and adapt a compliance program to solve today’s needs and support new requirements in the future.
This white paper is divided into two sections. First it discusses the business issues around insiders, especially IT administrators. Second, it discusses how to reduce or eliminate many of the issues that are described through out the white paper.
This whitepaper outlines seven common challenges assoctaied with securely administering Active Directory, and provides helpful insight into what NetIQ can do to assist you with these difficulties.
To effectively deal with the broad and complex requirements of Payment Card Industry (PCI) data security, you need to break the elements apart to provide enhanced clarity. This document deals with file integrity monitoring for PCI, while providing technical guidance to help ensure PCI compliance before your auditor shows up.
Security vendor McAfee has issued a patch for Endpoint Protection Software as a Service, a product that contained a flaw that would allow hackers to hijack a user’s system and use it to spew spam. A small number of businesses were affected by the flaw, according to McAfee.
A group of scientists has shown the potential for quantum computers in a cloud-based system to provide a new level of security using so-called blind computing. The idea behind blind quantum computing is that the computer processing data doesn’t know anything about the input, the computation it performs on that input or the resulting output.
The Stop Internet Piracy Act is losing friends fast as website protests Wednesday directed the public’s attention toward the proposed legislation. Sites like Google ran home-page links to information on SOPA, and sites like Wikipedia blacked out for the day in protest. Some members of congress have said the bill is as good as dead.
The routine is almost universal. Every day, millions of workers turn on their computers, take a second or two for a sip of coffee as their desktop or laptop “boots up,” and then get to work. In those few seconds, the basic input-output system (BIOS) of the computer loads the protocols that actually run the PC — in effect, acting the same as the shot of coffee that helps the worker wake up and start functioning. Pretty simple…. Only when it’s not.
It’s not clear whether Facebook’s outing of members of the Koobface gang will pressure them to stop flooding the Web with malware or merely add to their notoriety. Authorities in Russia, where the gang is headquartered, haven’t displayed much interest in their capture. “The unfortunate reality is that Koobface will continue to wreak havoc,” predicted security expert John Viega.
Recent research on cloud computing in healthcare suggests that many IT managers are reluctant to store critical patient-related data in a cloud-computing environment.
AppRiver, LLC, a provider of email messaging and Web security solutions, today released its year-end Threat and Spamscape report.
Despite the pleas of some regulators and the advertising industry, the overlords of the Internet — the Internet Corporation for Assigned Names and Numbers (ICANN) — plunged forward last week with its plan to drastically expand the number of generic top level domains on the Net. Generic Top Level Domains (gTLDs) are what come after the dot in an Internet address — .com, .net, .org, .gov and so forth. Under the new ICANN scheme, anyone can have anything they want after that dot — as long as they have the cash to do it.
The majority of data breaches stem from hack attacks, followed by data that’s lost while physically in transit.
IBM today announced a new identity intelligence breakthrough designed in IBM labs to provide corporations with a far more sophisticated approach to managing the information employees can access.
Businesses face an increasingly complex set of threats to their Web applications—from malware and advanced persistent threats (APTs) to disgruntled employees and unintentional data leaks.
With the apparent resurgence of hacker community Anonymous, as well as concerns that cybercriminals may have recently penetrated the networks of a number of small utilities, two United States federal government initiatives to improve cybersecurity were launched this past week.
Hackers have posted the source code for two Symantec security products, claiming they obtained the information from systems belonging to Indian military intelligence. The products affected are four and five years old, Symantec said. “If the source code from product released in the past three or four years was compromised, I’d be pretty concerned,” said security consultant Randy Abrams.
Twitter does have rules in place against creating accounts to impersonate others — or requiring that the impersonation be acknowledged, in the case of a parody. However, relatively few celebrities or public figures seem to find themselves in the position of Rupert Murdoch’s wife, Wendi Deng, whose name was briefly attached to a Twitter account she didn’t authorize.
Anonymous hackers let fly with the information they pilfered from Stratfor, dumping on the Web for all to see Friday. Hundreds of thousands of usernames, email addresses and hashed passwords were included. SpecialForces.com, a site that sells military clothing and personal gear, also found itself in hackers’ crosshairs.
Security scares are so commonplace in the tech industry today that it’s virtually impossible to keep track of them all. Security scares in the Linux world, however, are still rare enough as to cause at least a small collective gasp of consternation.
Read the Security Predictions of Mobile, Enterprise, Web, Hardware, and Social.
Three Laws Mobility’s new Android enterprise security solution allows encryption to be applied to all the data on a phone or just to corporate applications. Administrators can control what apps will run on the phone with white and black lists. Single-platform solutions like the one offered by 3LM, though, can create problems for administrators and corporate purchasing departments.
Google’s long insisted on taking a relatively open stance on Android and Android applications. That’s made Android a very popular platform — even among malware authors. Although Amazon uses Android in its Kindle Fire, it holds its own app store on a shorter leash. Is Amazon’s management of its app store an example other Android app vendors should follow?
A country or region’s power supply is a juicy target for cyberattack, especially if it’s made part of a larger assault. Is the United States’ grid adequately protected? Studies on the matter have raised serious doubts. Millions of new communicating electronic devices could introduce new options for attack that may result in anything from loss of control over grid devices to loss of communications.
The end of the year is one of the riskiest times for information security. Attack levels rise right at the time IT staff attendance typically takes a dip. Adjusting to this critical period isn’t easy, but collecting the right information now can help you take a better course of action when this season rolls around next year.
“Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program” is the name of the White House’s new roadmap to guide cybersecurity research and development. It identifies four strategic thrusts: inducing change, developing scientific foundations, maximizing research impact and accelerating transition to practice.
In today’s reality of numerous high-profile data thefts, the last thing an IT manager or department head needs is their company becoming part of the news headlines and the next big data breach. Thankfully, there is no shortage of solutions and techniques to consider for maintaining data security.
AuthenTec, a leading provider of mobile and network security, announced that its AES850 smart fingerprint sensor is now integrated on a new Fujitsu smartphone, the REGZA Phone T-01D Android model now available from NTT DOCOMO, Inc. AuthenTec’s AES850 – the world’s smallest fingerprint matching and navigation device for mobile phones – enhances the features and functionality of the waterproof REGZA Phone T-01D by providing security that locks and unlocks the phone, locks/unlocks user-chosen applications and enhances the speed and security of NFC mobile payments
Tweet SOURCE: NetworkWorld One of the main reasons for deploying desktop virtualization is the security advantages it can provide, such as keeping sensitive data off the endpoint, according to Citrix. And Citrix is practicing what it preaches at its Ft. Lauderdale, Fla., headquarters where employees, for example, use the Citrix virtualization product Citrix Receiver for […]
With the proliferation of cloud computing, how does an organization manage IT security, compliance, and audit? Cloud computing poses new challenges for IT security, compliance and audit professionals who must protect corporate data and IT assets, and verify compliance of security controls.
