IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
25 Oct 2024
Dutch critical infrastructure at risk despite high leadership confidence
Stark paradox in Dutch cyber security landscape has business leaders expressing high confidence in their IT infrastructure as cyber attacks rise. Continue Reading
-
News
11 Jul 2024
Dutch research firm TNO pictures the SOC of the future
In only a few years, security operations centres will have a different design and layout, and far fewer will remain. Continue Reading
-
News
26 Mar 2007
What are some of the best practices for managing the growth of unstructured data?
It starts with corporate policies around data management... Continue Reading
-
News
26 Mar 2007
Web 2.0: CIOs want it their way
A new study found CIOs want Web 2.0 technology, but they're a little insecure about getting it from emerging specialized vendors. Continue Reading
By- Shamus McGillicuddy, Enterprise Management Associates
-
News
26 Mar 2007
Metasploit Framework 3.0 released
Brief: Metasploit Framework 3.0 contains 177 exploits, 104 payloads, 17 encoders and 30 auxiliary modules that perform such tasks as host discovery and protocol fuzzing. Continue Reading
By- SearchSecurity.com Staff
-
News
26 Mar 2007
How can a company set retention policies with such a glut of unstructured data?
It depends; there are no easy answers to this. There are a number of initiatives that a company should undertake, including disaster recovery, business continuity planning, Sarbanes-Oxley compliance and data security... Continue Reading
-
News
26 Mar 2007
Are there regulatory compliance issues related to unstructured data?
The most important issue is legal discovery. You may not know what you have or how to find it, so it can be very difficult to find the files that may be required by a court of law... Continue Reading
-
News
25 Mar 2007
Microsoft investigates Windows Vista Mail flaw
Attackers could exploit a flaw in Windows Vista Mail to compromise PCs by tricking the user into opening a malicious email attachment. Microsoft is investigating. Continue Reading
-
News
22 Mar 2007
Flaws haunt protocol tied to national infrastructure
Also: A weakness is found in Windows settings, Microsoft investigates a new Vista flaw, and flaws are addressed in OpenOffice.org and Firefox. Continue Reading
By- SearchSecurity.com Staff
-
News
22 Mar 2007
Mozilla releases Firefox fix
One newly-discovered flaw and several glitches introduced in the last update have been fixed with Mozilla's release of Firefox 2.0.0.3 and 1.5.0.11. Continue Reading
-
News
22 Mar 2007
Midrange storage array specifications
Product snapshots highlighting key specifications for a cross section of midrange storage array products. Continue Reading
-
Feature
21 Mar 2007
Symantec threat report under the microscope
This week in Security Blog Log: Infosec professionals dissect Symantec's latest threat report and express a range of views in the blogosphere. Continue Reading
-
News
21 Mar 2007
Hackers broaden reach of cross-site scripting attacks
An explosion of AJAX-based applications has increased the damage that cross-site scripting (XSS) attacks can inflict on machines. A new tool uses XSS flaws to create a botnet. Continue Reading
-
Feature
21 Mar 2007
Measuring Vista's true security muscle will take time
Researchers are digging through the Windows Vista code right now, and when they find flaws we'll hear about it. But it's the ones we don't hear about that should keep us up at night. Continue Reading
-
News
20 Mar 2007
NAC panel says technology may not add up
A panel discussing the potential of using network access control (NAC) says the technology may not be worth the price of deploying and maintaining it. Continue Reading
By- Robert Westervelt, TechTarget
-
News
19 Mar 2007
Internet complexity, insecurity could stifle innovation, expert says
Security threats are driving vendors to produce software and devices that automatically update and run only proprietary software with no effort from the end user. The result could be less flexibility and innovation, one expert says. Continue Reading
By- Robert Westervelt, TechTarget
-
News
18 Mar 2007
Symantec: Data thieves thrive on zero-day flaws
According to Symantec's threat report for the second half of 2006, attackers exploited misplaced USB drives and zero-day flaws to steal vast amounts of data. Expect more of the same in 2007. Continue Reading
-
News
18 Mar 2007
Hacker techniques use Google to unearth sensitive data
Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns. Continue Reading
-
Feature
14 Mar 2007
LexisNexis fights crime with storage
The document search company is offering a new data forensics service staffed by former federal agents and powered by commodity NAS. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
13 Mar 2007
NEC reveals HydraStor grid storage
NEC announces its HydraStor array for secondary storage, touting its grid storage architecture, automated policies for data management and scalable deduplication. Continue Reading
By- Jo Maitland, TechTarget
-
News
13 Mar 2007
What are some best practices for retaining data in a highly regulated business environment?
Have a good information retention policy. I see a lot of organizations where they retain backups or copies of databases, but they don't know why they're retaining it or for how long... Continue Reading
-
News
08 Mar 2007
Review: eGuardPost a B+ overall
eGuardPost is a well-designed and highly capable product that meets an important need. It has strong security and great forensics capabilities. Continue Reading
By- Steven Weil, Point B
-
News
08 Mar 2007
Review: Sun Java System Identity Manager 7.0 'impressive'
Hot Pick: Sun Java System Identity Manager 7.0 excels with agentless connectors, scalability and amazing auditing. Continue Reading
-
News
07 Mar 2007
Microsoft cancels Patch Tuesday as DST looms
IT administrators who are struggling to apply all their daylight-saving time (DST) patches will get a break from Microsoft next week, as no new security fixes will be released. Continue Reading
-
News
07 Mar 2007
Symantec acquires automated risk assessment firm
Symantec has acquired Reston, Va.-based 4FrontSecurity, a maker of automated risk analysis and security management tools. An expert says it's the latest sign that the security risk assessment market is heating up. Continue Reading
By- Robert Westervelt, TechTarget
-
News
06 Mar 2007
Tape restoration firm accelerates restores
National Data Conversion uses Index Engines technology to speed up tape restores for litigation. Continue Reading
By- Jo Maitland, TechTarget
-
News
04 Mar 2007
Expert: NAC not a network security cure-all
According to an expert at Black Hat DC, NAC success demands careful planning and a good understanding of the company network; otherwise, implementations can quickly go awry. Continue Reading
By- Robert Westervelt, TechTarget
-
News
01 Mar 2007
Linksys, Gateway launch low-end NAS
Cisco subsidiary Linksys and PC maker Gateway launch new NAS products for small businesses and consumers. Continue Reading
By- SearchStorage.com
-
Feature
28 Feb 2007
PING with Mark Odiorne
Mark Odiorne, CISO at Scottish Re, provides insights on pen testing procedures, prioritising security for senior management and keeping compliant. Continue Reading
-
News
28 Feb 2007
RFID cloning presentation moves forward despite legal threats
Chris Paget, director of research and development at IOActive, spoke mainly about the science behind RFID tags and readers and the inherent security issues of the technology. Continue Reading
-
Feature
28 Feb 2007
RFID dispute: Vendors still hostile toward full disclosure
Many vendors still believe that security by obscurity is the best policy and make it a priority to silence vulnerability researchers. Continue Reading
-
News
27 Feb 2007
McAfee fixes flaw in Mac antivirus software
Attackers could exploit the hole in McAfee's Virex 7.7 antivirus program for Mac OS X to bypass the malware scanner, but a fix is available. Continue Reading
By- SearchSecurity.com Staff
-
News
27 Feb 2007
'Worm' targets Sun Solaris Telnet flaw
Security researchers have found evidence that a worm is trying to exploit the recently patched Telnet flaw in Sun Solaris. Experts say it's another reason to stay away from Telnet. Continue Reading
-
News
27 Feb 2007
Wireless security: IT pros warily watching mobile phone threats
Security experts have warned repeatedly that mobile phone attacks will grow as the devices become more sophisticated. IT administrators are starting to believe them. Continue Reading
-
Feature
26 Feb 2007
RFID privacy, security should start with design
Companies planning to deploy radio frequency identification technology (RFID) must demand that privacy and security issues are addressed early. Continue Reading
By- Robert Westervelt, TechTarget
-
News
26 Feb 2007
Storm rages again: Self-morphing Trojan uses blogs to spread rootkits
A new variant of the Storm Trojan that changes with each download is infecting blog sites with malicious URLs, intercepting traffic when visitors try to post comments. Continue Reading
-
News
25 Feb 2007
HP announces iSCSI VTL for SMBs
HP's new iSCSI VTL devices include automated backup capabilities for users with fewer than four servers. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
25 Feb 2007
PatchLink acquires STAT Guardian tool
PatchLink says it will add more muscle to its vulnerability management portfolio by acquiring the STAT Guardian tool from IT vendor Harris Corp. Continue Reading
-
Feature
22 Feb 2007
Microsoft takes a blogosphere beating over Vista UAC
This week in Security Blog Log: Industry experts take Microsoft to task over a "very severe hole" in the design of Vista's User Account Controls (UAC) feature. Continue Reading
-
News
22 Feb 2007
Google offers 10 GB inbox
The search engine giant is offering an email application on a subscription basis with five times the storage capacity of the free version. Continue Reading
By- SearchStorage.com Staff
-
Feature
22 Feb 2007
Flaws haunt Symantec, IBM, Cisco and IE
Bug Briefs: Security holes plague Symantec Norton products, IBM DB2; Mozilla Firefox; Trend Micro ServerProtect; Cisco IP phones; Google Desktop; IE and Snort. Continue Reading
By- SearchSecurity.com Staff
-
News
21 Feb 2007
Cisco warns of IP phone flaws
Attackers could circumvent security restrictions by exploiting flaws in certain Cisco IP phones, the networking giant warned Wednesday. Continue Reading
-
Feature
21 Feb 2007
Data breach: If customers don't act, data will remain at risk
To make enterprises take data security seriously, customers must take control of their personally identifiable information and stop handing it out to businesses. Continue Reading
-
News
20 Feb 2007
Cisco routers threatened by drive-by pharming
Millions of Cisco routers in circulation could be compromised by a newly-discovered attack technique Symantec calls drive-by pharming, the networking giant warned in an advisory. Continue Reading
-
News
20 Feb 2007
Microsoft confirms new IE flaw
Attackers could exploit a new flaw in Internet Explorer (IE) to access local files on targeted systems, Microsoft confirmed Tuesday. Continue Reading
-
News
20 Feb 2007
TJX data breach worse than initially feared
Hackers had access to a larger amount of customer data, TJX executives said in a statement. Continue Reading
-
News
19 Feb 2007
Sourcefire fixes Snort flaw
Attackers could exploit a flaw in the popular open source Snort IDS tool to cause a denial of service or launch malicious code. Continue Reading
-
News
19 Feb 2007
When security firms merge, some users are losers
Some users see their services improve when IT security vendors merge with other companies or get acquired. Others say they've been left out in the cold. Continue Reading
-
News
19 Feb 2007
Quiz: Compliance improvement -- Get better as you go forward
A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School. Continue Reading
-
News
14 Feb 2007
New attack technique threatens broadband users
Millions of broadband users across the globe are threatened by a new attack technique called drive-by pharming. Continue Reading
-
News
12 Feb 2007
Mobile carriers admit to malware attacks
Eighty-three percent of mobile operators surveyed by McAfee Inc. say they've suffered malware infections, but two competing security vendors say the overall threat is still small. Continue Reading
-
News
12 Feb 2007
Microsoft fixes zero-day flaws in Word, Office
Twelve security updates from Microsoft fix a range of problems, including a flaw in the Malware Protection Engine and previously-exploited zero-day glitches in Word and Office. Continue Reading
-
News
12 Feb 2007
Skype makes more enterprise inroads
Skype has teamed with FaceTime Communications to give companies more control over Skype use within the enterprise. Continue Reading
By- Andrew R. Hickey, Senior News Writer
-
News
11 Feb 2007
Cybersecurity czar signals government cooperation at RSA Conference
Cybersecurity chief Greg Garcia told RSA Conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. Continue Reading
By- Marcia Savage, Features Editor, Information Security Magazine
-
News
11 Feb 2007
Solaris 10 has zero-day Telnet flaw
Attackers could exploit a zero-day flaw in Solaris 10's Telnet daemon to bypass authentication and gain unauthorized system access, security experts warn. Continue Reading
-
News
10 Feb 2007
Cisco VoIP management guide: Required management tasks
Comprehensive VoIP management includes the basic network management tasks, but also includes monitoring services such as dial tone delivery, call success rates, telephony delays and impairments, as well as call quality. VoIP telephony management is categorized here. Continue Reading
-
News
08 Feb 2007
Roundup: Vista security, breakability touted at RSA Conference
At RSA Conference 2007, Microsoft extolled the security virtues of its new operating system, but others weren't afraid to demonstrate how Vista security is lacking. Continue Reading
By- SearchSecurity.com Staff
-
News
08 Feb 2007
New storage IPOs report losses
Of the 2006 "graduating class" of storage IPOs, two reported losses this week in their first quarter as public companies. Continue Reading
By- SearchStorage.com Staff
-
News
07 Feb 2007
Briefs: Vulnerabilities found in Trend Micro, Firefox browser
This week, Trend Micro released a fix for a flaw in its antivirus engine, while no fixes are available for two newly discovered Mozilla Firefox browser flaws. Continue Reading
By- Edmund X. DeJesus, Contributor
-
News
07 Feb 2007
EMC plans array-based encryption via PowerPath
EMC's next security move will be array-based encryption through PowerPath by 2008, according to internal documents obtained by SearchStorage. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
05 Feb 2007
CA backup bug exploitable on Vista
In what appears to be the first exploit for a third-party app running on Vista, a previously patched buffer overflow vulnerability in CA BrightStor ARCserve Backup has been exploited. One security firm says ISVs aren't taking advantage of Vista's new security features. Continue Reading
By- Michael Mimoso, TechTarget
-
News
05 Feb 2007
Acopia hypes heterogeneous snapshot
The file virtualisation startup is blustering about a demonstration of heterogeneous snapshot technology, but is being coy about releasing a product. Continue Reading
By- SearchStorage.com Staff
-
News
05 Feb 2007
Symantec chief: Consumer confidence in data protection is key to online growth
In his keynote at RSA Conference 2007, Symantec CEO John W. Thompson said Big Yellow is ready for the shifting dynamics in the information security market, and implied that Microsoft's growing presence in security is a conflict of interest for its customers. Continue Reading
By- Rob Westervelt, News Editor
-
News
05 Feb 2007
Rootkit dangers at an 'all-time high'
Industry experts at RSA Conference 2007 say not only have rootkits become the weapon of choice for malicious hackers, but they've also emerged as useful tools for legitimate businesses trying to exert control over users. Continue Reading
-
News
05 Feb 2007
Coviello: In 3 years, no more stand-alone security
RSA President Art Coviello says today's patchwork of monolithic security devices will disappear in the next three years as security is integrated into the larger IT infrastructure. Continue Reading
-
News
05 Feb 2007
VoIP security, unified communications need questioned
VoIP security issues and questions about the business need for unified communications have stalled adoption of both technologies, according to CompTIA's recent survey. Continue Reading
By- Kate Dostart, Associate Editor
-
News
05 Feb 2007
Gates touts secure access anywhere
Microsoft's chairman tells RSA Conference 2007 attendees that a combination of authentication and access management strategies is what it takes to protect corporate data, but information security pros are willing to wait for the proof. Continue Reading
By- Michael Mimoso, TechTarget
-
News
05 Feb 2007
RSA Conference 2007: Product announcements
RSA Conference 2007: Product announcements Continue Reading
-
News
04 Feb 2007
RSA Conference 2007: Special news coverage
Check out news, interviews, product announcements, podcasts and more live from the RSA Conference 2007 in San Francisco. Continue Reading
-
News
04 Feb 2007
Vista exploitable, researcher says
Marc Maiffret, CTO and chief hacking officer of eEye Digital Security, said he has found a way to elevate system privileges by exploiting a flaw in Windows Vista. Continue Reading
-
News
04 Feb 2007
CISOs mastering 'softer' skills
Why CISOs can no longer rely on technology skills alone and what businesses are looking for when recruiting their next information security leader. Continue Reading
By- Amber Plante, Assistant Managing Editor, Information Security magazine
-
News
04 Feb 2007
Email security buying decisions
Email security can be a daunting task for SMBs -- how do you go about finding the right product? This tip delves into three approaches to email security and the products available. Continue Reading
By- Joel Dubin, CISSP, Contributor
-
News
04 Feb 2007
Dozens of Web sites spread malicious Trojan
Update: The same malicious JavaScript keylogger that compromised the Dolphin Stadium Web site last week was found over the weekend on dozens of other high-profile Web sites. Continue Reading
By- Eric Parizo, Senior Analyst
-
News
04 Feb 2007
New zero-day attack targets Microsoft Excel
Microsoft says maliciously crafted Excel files may permit the execution of arbitrary code. Other Microsoft Office applications may be at risk. Continue Reading
By- Edmond X. DeJesus, Contributor
-
News
04 Feb 2007
HDS to acquire Archivas for up to $120M
HDS will acquire archiving software partner Archivas for close to $120 million, stepping up its effort to compete with EMC in this market. Continue Reading
By- Jo Maitland, TechTarget
-
News
04 Feb 2007
HP fills in gaps with product updates
HP announced updates to several of its products, but analysts are wondering what its ultimate strategy will be for storage virtualisation. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
04 Feb 2007
Intrusion detection systems are alive and kicking
IPS hasn't overtaken intrusion detection systems just yet. Senior News Writer Bill Brenner reveals what customers want when they're shopping for IDS products. Continue Reading
-
Feature
31 Jan 2007
New security vendors take on sophisticated attackers
IT Security vendors are developing technologies that show promise in preventing unknown attacks and protecting machines with zero-day vulnerabilities. Continue Reading
-
News
30 Jan 2007
Microsoft disputes Word zero-day report
Symantec is warning of a new zero-day vulnerability in Microsoft Word. But Microsoft doesn't believe the flaw is new. Continue Reading
-
News
30 Jan 2007
Lawyers discuss e-discovery gotchas
During panel sessions at Legal Tech, lawyers provided their insights into the e-discovery process, retention policies and helping judges get up to speed. Continue Reading
By- Jo Maitland, TechTarget
-
News
30 Jan 2007
Symantec unveils 'universal ID system'
Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers. Continue Reading
By- SearchSecurity.com Staff
-
News
30 Jan 2007
Using IAM tools to improve compliance
Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes. Continue Reading
-
News
29 Jan 2007
TJX faces lawsuit over data breach
A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month. Continue Reading
-
News
28 Jan 2007
IBM improves data recovery process for TSM users
Tivoli Storage Manager 5.4, released this week, establishes a disk cache for most recently backed-up files, improving the slow restore times associated with the product. Continue Reading
By- Jo Maitland, TechTarget
-
News
28 Jan 2007
IBM to acquire Softek, looks to pump up services biz
IBM says it intends to use Softek's Transparent Data Migration Facility within its Global Services business. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
25 Jan 2007
Balancing the cost and benefits of countermeasures
The final tip in our series, "How to assess and mitigate information security threats." Continue Reading
-
News
25 Jan 2007
How to assess and mitigate information security threats
Learn how to assess and mitigate information security threats, like rootkits, worms and Trojans, in the tip series created in collaboration with Realtimepublishers and Dan Sullivan, author of The Shortcut Guide to Protecting Business Internet Usage. Continue Reading
-
News
25 Jan 2007
Malware: The ever-evolving threat
The first tip in our series, "How to assess and mitigate information security threats." Continue Reading
-
News
25 Jan 2007
Network-based attacks
The second tip in our series, "How to assess and mitigate information security threats." Continue Reading
-
News
25 Jan 2007
Information theft and cryptographic attacks
The third tip in our series, "How to assess and mitigate information security threats." Continue Reading
-
News
25 Jan 2007
IBM tool makes online purchases anonymous
A new tool makes online purchases anonymous by using artificial identity information. Experts say enterprises need to adopt the technology before it can become a viable option. Continue Reading
By- Robert Westervelt, TechTarget
-
News
25 Jan 2007
Symantec makes major update to Enterprise Vault
Symantec adds automated data classification and integration with security products in Version 7.0 of its Enterprise Vault archiving tool; EMC reports record earnings for the fourth quarter. Continue Reading
By- SearchStorage.com Staff
-
News
25 Jan 2007
Apple fixes Mac Wi-Fi flaw
The Mac OS X Wi-Fi flaw Apple fixed on 24 Jan was first disclosed as part of the Month of Kernel Bugs in November. Attackers could exploit it to crash the targeted system. Continue Reading
-
News
24 Jan 2007
Microsoft investigates new Word zero-day
An unpatched memory-corruption flaw in Microsoft Word is the target of "limited" attacks in the wild, Microsoft confirmed Thursday. Continue Reading
-
News
24 Jan 2007
TJX data breach info used to make fraudulent purchases
Fraudulent purchases have been reported globally, according to a trade association that represents more than 200 banks in Massachusetts. Continue Reading
By- Robert Westervelt, TechTarget
-
News
23 Jan 2007
Cisco fixes IOS flaws
Attackers could exploit three Cisco IOS flaws to cause a denial of service or launch malicious code. The networking giant has released fixes. Continue Reading
-
News
23 Jan 2007
McAfee: Malware all about ID theft
The use of keylogger technology is surging and there's been a 100-fold rise in phishing attacks, according to a new report from McAfee. Continue Reading
By- Bill Brenner, Senior News Writer
-
News
18 Jan 2007
ID theft victim to TJX customers: Mind your data
Customers should guard their own data, says one ID theft victim. Meanwhile, some in the banking industry say TJX may have stored more data than necessary. Continue Reading
-
Feature
18 Jan 2007
Vendors: Cut the hype, truth is what sells
Storage virtualisation technologies have been purchased and implemented successfully for years. The rest of the IT infrastructure must try to catch up and, ultimately, the only thing not virtualised within the datacentre will be the last guy standing. Continue Reading
By- Steve Duplessie, founder and senior analyst for the Enterprise Strategy Group
-
News
17 Jan 2007
Data breach at TJX could affect millions
Retailer TJX Companies said a hacker gained access to its systems exposing the credit card data of millions of customers. Continue Reading
By- Robert Westervelt, TechTarget
-
Feature
17 Jan 2007
TJX breach: There's no excuse to skip data encryption
Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses. Continue Reading
-
News
17 Jan 2007
Companies take IM threats seriously
Wesabe is a brand new money management community. It takes threats to IM as seriously as those targeting email and web applications. Continue Reading