IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
20 Nov 2024
Government issues strategic priorities for online safety regulator Ofcom
Technology secretary Peter Kyle sets out the government’s strategic priorities for how Ofcom should approach regulating online safety, including embedding safety by design and supporting innovation in technologies to help protect people online Continue Reading
By- Sebastian Klovig Skelton, Data & ethics editor
-
News
19 Nov 2024
AI readiness stalls in APAC
Despite significant investment in AI, only 15% of organisations in Asia-Pacific are ready to deploy the technology today, according to Cisco’s latest regional AI readiness survey Continue Reading
-
News
23 Oct 2006
What storage managers are buying and why, page 6
What storage managers are buying and why Continue Reading
-
News
23 Oct 2006
Security researcher, professor influences students for life
Dorothy Denning, a professor of defense analysis at the Naval Postgraduate School, has contributed to the field of data security. Her work earned her a Security 7 award. Continue Reading
By- Marcia Savage, Editor
-
News
23 Oct 2006
SDL expected to help fulfil Vista security promises
Windows Vista is expected to be the most secure Microsoft product released thanks to the company's implementation of the Security Development Lifecycle (SDL). Continue Reading
By- Michelle Davidson, TechTarget
-
News
22 Oct 2006
Enhanced Identity and Access Management
From consolidating directories to automating provisioning and rolling out single sign-on, these sessions identify how leading organizations are strengthening authorization and enforcing access controls. Continue Reading
-
News
22 Oct 2006
Snyder On Security: An insider's guide to the essentials
Joel Snyder, senior partner with consultancy Opus One, provides an in-depth look at information security trends and technologies. Continue Reading
-
News
18 Oct 2006
Rural Payments Agency project failed after IT system costs spiralled
Delays in implementing a bespoke IT system led to the Rural Payments Agency (RPA) failing to pay subsidies to farmers on time, according to a National Audit Office report. Continue Reading
-
Feature
16 Oct 2006
Nmap Technical Manual
By now, most infosec pros have heard of Nmap, and most would agree that even though the popular freeware tool is invaluable, installing, configuring and running it in the enterprise is no easy task. With that in mind, SearchSecurity.com, in collaboration with security expert Michael Cobb, has produced an Nmap Tutorial, detailing how this free tool can help make your organization more secure. Continue Reading
-
News
16 Oct 2006
Security Bytes: Flaws fixed in Bugzilla
Meanwhile, security holes are also plugged in Cisco's Wireless Location Appliance software and Clam AntiVirus. Continue Reading
-
Feature
12 Oct 2006
Security Blog Log: Taking Google Code Search for a spin
This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security. Continue Reading
-
Feature
10 Oct 2006
Inside MSRC: Public vulnerability disclosures on the rise
Even though irresponsible publicly disclosed vulnerabilities seem to be on the rise, Microsoft's Christopher Budd discusses how the software giant was able to quickly release a fix for the recent VML flaw, plus offers best practices on how to make sure all of this month's software updates are installed correctly. Continue Reading
-
News
10 Oct 2006
McAfee CEO Samenuk retires in wake of options probe
The investigation into stock option grants is complete and company president Kevin Weiss has been fired, as well. Continue Reading
-
News
10 Oct 2006
Google Code Search gives security experts a sinking feeling
The new search tool from Google can help developers find useful code examples. But security experts worry that it also will make attackers' jobs that much easier. Continue Reading
-
News
09 Oct 2006
Banking on the future
As the banking landscape changes and global competition takes hold, IT offers banks a way of differentiating themselves from the competition, so how do they balance innovation and imitation in this tough market sector? Continue Reading
-
News
09 Oct 2006
Midmarket IT pros have NAC for identity, access management
Midmarket firms may not have the budgets of large companies, but IT pros can build identity and access management programs that are as effective as what the big guys have. Continue Reading
-
News
09 Oct 2006
Symantec unveils Security 2.0 initiative
As part of Security 2.0, Symantec unveiled new products and partnerships with VeriSign and Accenture to help customers secure their databases, manage risk and fight ID theft. Continue Reading
-
News
04 Oct 2006
Tiered storage becoming tried and true
Tiered storage matches the value of data with the performance (and expense) of storage. Ideally, tiered storage can save money, while easing the access demands to any single storage tier. While tiered storage has clearly brought storage costs and performance into focus, it has yet to reach its full potential in the enterprise. Continue Reading
-
Feature
03 Oct 2006
School district expels outsourced backup, enrolls CDP
Revere School District dumps tape and outsourced backup, and deploys SonicWall's continuous data protection product. Continue Reading
By- Alex Barrett, News Director, Data Center Media Group
-
Feature
03 Oct 2006
Test your IQ: Business continuity -- ANSWER
This type of plan specifies a means of maintaining essential services at the crisis location. Continue Reading
-
Feature
02 Oct 2006
ZERT rekindles third-party patching debate
This week in Security Blog Log: IT security pros express more reservations about third-party patching, including the CEO of a company that released one a few months ago. Continue Reading
-
Feature
30 Sep 2006
PING with Suzanne Hall
In this exclusive interview with Information Security magazine, Suzanne Hall, AARP director of IT operations and security, examines how security professionals can enable telecommuters and mobile workers while keeping their data secure. Continue Reading
-
Feature
27 Sep 2006
On privacy laws, every state is one of confusion
It's getting increasingly difficult for US firms to comply with regulations. David A. Meunier feels that it's time to develop safeguards and processes for this ever-changing regulatory environment. Continue Reading
By- David A. Meunier
-
News
26 Sep 2006
Stration worm targets Windows machines
The worm uses several fake email messages, including one claiming to be a security update. Users are advised to avoid unsolicited email attachments. Continue Reading
-
News
25 Sep 2006
IT pros worried about unsecured devices
IT admins keep working to make networks secure even as more unsecured personal gadgets make their way into companies. Continue Reading
By- Eileen Kennedy, News Writer
-
News
24 Sep 2006
Hijacked consumer machines target the enterprise
Attackers continue to strike gold by targeting consumers who lack the security savvy to address desktop application flaws, according to Symantec Corp. Enterprises ultimately pay the price. Continue Reading
-
Feature
24 Sep 2006
NetApp operations chief talks growth
Tom Georgens, executive vice president and general manager at NetApp -- also rumoured to be in the running as next CEO -- discusses what's driving its growth. Continue Reading
By- Jo Maitland, TechTarget
-
News
14 Sep 2006
Secure network perimeter to result from Symantec-Juniper deal
Juniper and Symantec announced a deal to integrate Symantec's client security software with Juniper's security hardware. The result will allow endpoint compliance and access control platforms to secure the enterprise perimeter. Continue Reading
By- Amanda Mitchell, News Editor
-
News
14 Sep 2006
Three ways to create clustered storage
Clustered storage systems run on storage servers, NAS gateways and hosts. Here's how to determine which clustered file-system architecture is best for your needs and storage environment. Continue Reading
-
News
12 Sep 2006
Dell and EMC: Five more years
Dell leans on EMC for support in the face of an SEC investigation and possible delisting from NASDAQ. Continue Reading
By- Alex Barrett, News Director, Datacenter Media Group
-
News
11 Sep 2006
Data storage compliance's impact on storage product choices
Data storage compliance is having a tremendous impact on the storage organization, as well as the management practices employed to retain, search, certify and destroy data. It's not just regulations like SOX or HIPAA that influence storage -- there are well over 10,000 regulations that affect data storage, backup and protection across a range of industries. But companies are often left alone in their quest to identify the regulations that relate to them, identify what data should be saved and implement storage to meet those regulations. This article covers the essential goals of data storage compliance, examines implementation considerations and obstacles and reviews the impact of compliance on storage. Continue Reading
-
News
11 Sep 2006
Security Bytes: Hackers target the Terminator
In other news, Symantec upgrades its Norton product line and the Anti-Phishing Working Group says phishing activity soared this summer. Continue Reading
By- SearchSecurity.com Staff
-
Feature
10 Sep 2006
Storage upstarts are tipping the vendor scales
The big storage vendors are always trying to steal a piece of each other's pie. But some small tech upstarts might play big parts in determining who comes out on top. Continue Reading
-
News
06 Sep 2006
Security Bytes: New flaw in Cisco IOS
Security news including Cisco, Mozilla hires a former Microsoft strategist to bolster security, a new "pump-and-dump" stock spam campaign is discovered and TippingPoint lists info on new flaws. Continue Reading
By- SearchSecurity.com Staff
-
Feature
06 Sep 2006
Security Blog Log: Word doc scam evades spam filters
Also this week: A researcher gets a harsh reward after flagging a University of Southern California Web site flaw, and more blogs are keeping an eye on the latest security breaches. Continue Reading
-
News
05 Sep 2006
ControlGuard targets rogue devices
ControlGuard Access Manager is an effective tool for controlling what devices users can add to their workstations and how they are used. Continue Reading
By- Harris Weisman, Contributing Writer
-
News
05 Sep 2006
Proofpoint delivers strong messaging security
Proofpoint Messaging Security Gateway is a highly recommended, affordable solution for big enterprises that need protection from email-based attacks. Continue Reading
By- Phoram Mehta, Contributing Writer
-
News
04 Sep 2006
Revamped Cisco WAFS worth the wait, users say
Months late, Cisco has finally released a combined WAN optimisation and WAFS product, while startups like Riverbed have been snapping up the customers. But some Cisco beta testers say it has been worth the wait. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Feature
04 Sep 2006
Protecting wireless networks: Step 3
Security testing expert Kevin Beaver covers the tools and techniques needed to find and exploit insecure wireless networks. Continue Reading
-
Feature
04 Sep 2006
Protecting wireless networks: Step 2
Security testing expert Kevin Beaver covers the tools and techniques you'll need to find and exploit insecure wireless networks. Continue Reading
-
Feature
04 Sep 2006
Wireless network security testing
Attack your own wireless networks to find vulnerabilities before malicious hackers do. Continue Reading
-
News
31 Aug 2006
Attacks against MS06-040 on the rise
Six pieces of malware are now going after the Windows Server Service flaw outlined in MS06-040, and a spike in attacks has led Symantec to raise its ThreatCon to Level 2. Continue Reading
-
News
31 Aug 2006
Emulex acquisition could cloud future of FC-SATA spec
New Emulex subsidiary Sierra Logic's strength is in FC-SATA bridging technology. Meanwhile, ONStor launches midrange clustered NAS, and Quantum shareholders withhold votes. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Feature
31 Aug 2006
Identity and Access Management Security School
This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan. Continue Reading
-
News
30 Aug 2006
Survey: Data breaches difficult to spot, prevent
IT pros worry that false positives and a lack of resources are preventing them from blocking data breaches Continue Reading
-
News
30 Aug 2006
Symantec CIO vies with virtualization, device policy
Symantec CIO David Thompson says virtualization is a big part of the security giant's future and it has developed a policy to mitigate virtualization security risks. Continue Reading
-
News
30 Aug 2006
Malware database access sparks debate
Should an emerging database of more than 300,000 malware samples remain a walled community for trusted users, or is open access the best way to fight off digital desperados? Continue Reading
-
News
29 Aug 2006
AT&T breach affects 19,000 customers
Online outlaws hacked into an AT&T computer system and stole credit card data on thousands of customers. AT&T has offered to pay for credit monitoring services for those affected. Continue Reading
-
News
29 Aug 2006
An era ends as Tandberg buys Exabyte
The once-dominant player in the tape market has ended a long downward spiral by selling off its assets. At least customers can now count on continued support, analysts say. Continue Reading
By- Beth Pariseau, Senior News Writer
-
Feature
29 Aug 2006
Risk management: Data organization and impact analysis
This first article of the Insider Risk Management Guide explains how data organization is the first step in implementing insider threat controls. Continue Reading
-
Feature
29 Aug 2006
Risk management: Implementation of baseline controls
This fourth article in the Insider Risk Management Guide examines the implementation of baseline controls. Continue Reading
-
Feature
29 Aug 2006
Risk management: Baseline management and control
Identifying baseline controls is the second step to implementing insider threat controls as described in this article from SearchSecurity's Insider Risk Management Guide. Continue Reading
-
Feature
29 Aug 2006
Risk management audit
This article explores the audit function in the insider risk management process. Continue Reading
-
News
28 Aug 2006
Microsoft probes alleged Internet Explorer flaw
A research group claims attackers could launch malicious code using a flaw in the way Internet Explorer instantiates certain COM objects' ActiveX controls. Continue Reading
-
News
27 Aug 2006
Third-party patching: Prudent or perilous?
Security patches issued by third parties have become more prevalent in recent months, and while some security pros endorse them, others say they're more trouble than they're worth. Continue Reading
-
Feature
27 Aug 2006
Look through the over-hyped storage terms; find the value
Storage expert Marc Staimer discusses the storage vendor trend of using over-hyped terms to sell their products, and how you can find the true value in what they're selling. Continue Reading
-
News
24 Aug 2006
Are tape backups a thing of the past when it comes to disaster recovery?
I guess we have to look at disaster recovery, when it comes to tapes, in order of priorities. So, if we're talking about your most critical applications nowadays -- your most critical data -- tape backup is actually losing favor to disk backup or data replication. Continue Reading
-
News
24 Aug 2006
Security Blog Log: Opinions abound on IBM/ISS deal
Bloggers ponder what IBM's acquisition of ISS says about the industry as a whole. Is the end in sight for independent security vendors? Continue Reading
-
News
24 Aug 2006
How do I identify what data to replicate and what data to simply backup?
It goes back again to the value of the data to your organization -- or the impact of losing access to this data. Typically, from a business continuity perspective, the best way to establish this is through what we call a "business impact analysis," which really measures the impact of an outage on your revenue stream or your organization from a public perception point of view. Continue Reading
-
News
24 Aug 2006
What is the difference between RPO and RTO (from a backup perspective)?
The recovery point objective (RPO) and the recovery time objective (RTO) are two very specific parameters that are closely associated with recovery. The RTO is how long you can basically go without a specific application. This is often associated with your maximum allowable or maximum tolerable outage. Continue Reading
-
News
24 Aug 2006
What is the most important aspect of data protection when it comes to DR?
You could answer that with one word really, and I would have to say "testing." Just "testing." Whatever you do when you're protecting data, whether it's a backup, whether it's replication, whatever it is, make sure that you test what you put in place. Just because the vendor's glossy ad said that the product allows you to restore "virtually in seconds," I wouldn't necessarily take their word for it. Continue Reading
-
News
24 Aug 2006
Weekly compilation of storage news
Symantec peddles enterprise vault tool and the new features developed because of a recent update to the US Federal Rules of Civil Procedure. Continue Reading
By- SearchStorage.com Staff
-
News
24 Aug 2006
Aren't backups and archives essentially the same thing?
The answer to that can be a "yes" and "no." If we look at a very high level, a copy of data is a copy of data, and that's where a lot of people confuse both as being somewhat the same -- one copy is just kept longer. When we start digging into what a backup is for and what an archive is for, that's when we really start seeing the distinction between the two. Continue Reading
-
News
24 Aug 2006
What do tiered storage and ILM have to do with disaster recovery?
That idea ties back into the topics of data growth, data control, data management and recoverability. Once you start categorizing your data based on criticality and recovery priority, it gives you an indication of your data segments. We have our high-priority data, we have our medium criticality data and we have our low restore priority data. Continue Reading
-
News
24 Aug 2006
How far apart should my production and alternate recovery sites be?
As a good consultant, I would have to use the typical answer; it depends. We have a few things to consider here. First, what kind of disaster are you trying to protect yourself (or your organization) from? Second, what is your geography like? Continue Reading
-
News
21 Aug 2006
IBM spruces up storage line
IBM floated a raft of announcements across its storage line, but analysts say they are still waiting for the updates stuck in the research phase. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
20 Aug 2006
AOL data spill leads to dismissals, resignation
AOL has fired two employees and its CTO has left the company after search data from 658,000 customers was accidentally exposed earlier this month. Continue Reading
By- SearchSecurity.com Staff
-
Feature
17 Aug 2006
Security blog log: Fear and loathing in MS06-040's wake
This week, security bloggers wonder if some of the MS06-040 warnings have gone too far. Meanwhile, Symantec uses its blog to warn about the timed release of exploits. Continue Reading
-
News
15 Aug 2006
Cisco says it can't reproduce PIX flaw
Ever since a researcher at Black Hat outlined a flaw in the PIX firewall, Cisco has been trying to reproduce the security hole. So far, the company has been unsuccessful. Continue Reading
-
News
14 Aug 2006
EMC sheds light on RSA integration plans
As the dust begins to settle on EMC's $2.1 billion acquisition of RSA Security, the hard work of integration begins. What's EMC's strategy here? Continue Reading
By- Jo Maitland, TechTarget
-
News
14 Aug 2006
Mocbot update targets MS06-040 flaw
Security experts raised the red flag Sunday as new malware targets the Windows flaw addressed in the MS06-040 patch. Attackers are using the flaw to expand IRC-controlled botnets. Continue Reading
-
News
10 Aug 2006
Security Blog Log: Israeli-Hezbollah war spills into cyberspace
This week the blogosphere warily watches online attacks inspired by the Mideast conflict and rants over the latest security incidents at AOL and the VA. Continue Reading
-
News
10 Aug 2006
Vista kernel limits have security vendors on edge
Microsoft's PatchGuard feature will prevent extension of the Windows Vista kernel, and antivirus vendors say it'll make it harder for them to produce good security products. Continue Reading
-
News
09 Aug 2006
Xiotech resurfaces with data compliance focus
Xiotech has been busy acquiring a legal discovery software vendor and building a data compliance practice, but what about storage? Continue Reading
By- Jo Maitland, TechTarget
-
News
08 Aug 2006
Cheat sheet: Access management solutions and their pros and cons
Popular authentication methods such as passwords, biometrics and two-factor are assessed in this chart. Continue Reading
By- Joel Dubin
-
Feature
07 Aug 2006
Inside MSRC: Time to rethink security workarounds
Christopher Budd of the Microsoft Security Response Center recommends implementing one of several security workarounds to ensure a secure infrastructure until this month's most important Windows update can be installed. Continue Reading
-
News
06 Aug 2006
Security Bytes: CA fixes eTrust Antivirus flaws
Online thieves steal $700,000 from personal accounts; researchers expose e-passport vulnerability; and arrests are made in the VA security breach case. Continue Reading
By- SearchSecurity.com Staff
-
News
03 Aug 2006
Ajax threats worry researchers
Black Hat: While it makes smooth Web applications like Google Maps possible, the rush to adopt Ajax may fuel haphazard development and a feeding frenzy among hackers. Continue Reading
-
News
03 Aug 2006
Vendors reject preferential knowledge sharing
While Cisco continues to investigate a potential PIX firewall flaw, it and other vendors say sharing security information quickly and indiscriminately is always the best policy. Continue Reading
By- Michael Mimoso, TechTarget
-
News
03 Aug 2006
EMC updates SAN Advisor design tool
EMC's SAN design tool now recognises zones and allows users to customise rules; HP and EMC sign five-year cross-licensing deal. Continue Reading
By- SearchStorage.com Staff
-
Feature
03 Aug 2006
Countering attackers with NAC, IPS
Product review: Information Security magazine's Wayne Rash says ForeScout Technologies' flexible CounterACT appliance combines NAC with IPS and is worth the investment. Continue Reading
By- Wayne Rash
-
Feature
03 Aug 2006
Akonix A-Series offers complex, best-of-breed IM security
Product review: Information Security magazine's Sandra Kay Miller says the Akonix A-Series instant messaging security appliances work well but need better documentation. Continue Reading
By- Sandra Kay Miller
-
Feature
03 Aug 2006
Thwarting IM management challenges
Product review: Information Security magazine's Sandra Kay Miller says Symantec's IM Manager 8.0 has limited public network features, but offers excellent reporting Continue Reading
By- Sandra Kay Miller
-
Feature
03 Aug 2006
Security event management, no strings attached
Product review: Information Security magazine's Joel Snyder says Check Point's vendor-agnostic Eventia Analyzer 2.0/Eventia Reporter is worth consideration despite limited BI options. Continue Reading
By- Joel Snyder, Opus One
-
News
02 Aug 2006
Twelve Microsoft fixes coming on Patch Tuesday
Microsoft Tuesday will release a dozen new security bulletins for its Windows and Office products, likely including fixes for several outstanding PowerPoint flaws. Continue Reading
By- Eileen Kennedy, News Writer
-
News
02 Aug 2006
Mobile security begins with policy
Mobile security can no longer be an afterthought. Mobile experts say security starts, but doesn't end, with policy. Continue Reading
By- Andrew R. Hickey, News Writer
-
News
02 Aug 2006
Possible Cisco zero-day exploit revealed at Black Hat
Details of an alleged flaw related to SIP and PIX appliances, briefly mentioned in a Wednesday Black Hat presentation, are being kept under wraps as Cisco and US-CERT investigate. Continue Reading
By- Michael Mimoso, TechTarget
-
News
02 Aug 2006
SRM tools improve storage planning and deployment, page 2
Storage administrators are struggling to identify their storage resources and utilise those resources to their best potential Continue Reading
-
News
01 Aug 2006
Arun Taneja: Blogs and more
Monthly blogs by Arun Taneja, as well as other material by this storage expert. Continue Reading
-
News
01 Aug 2006
Security Bytes: Exploits targeting freshly patched Apple flaw
Apple patches nearly two dozen holes in OS X, but not before exploits are unleashed. Plus McAfee fixes a critical flaw and EMC gets the OK to buy RSA. Continue Reading
By- SearchSecurity.com Staff
-
News
01 Aug 2006
Litchfield: Database security is 'IT's biggest problem'
At Black Hat USA 2006, database security guru David Litchfield unveils 20-plus IBM Informix flaws that attackers could exploit to create malicious files, gain DBA-level privileges and access sensitive data. Continue Reading
-
Feature
01 Aug 2006
PING with Heidi Kujawa
Heidi Kujawa, director of enterprise architecture services for Sony Pictures Entertainment, explains how combatting piracy takes more than just keeping bootleggers out of the theatres Continue Reading
-
News
31 Jul 2006
Security Bytes: ISS warns of new Microsoft Windows flaw
Attackers could exploit the latest Microsoft Windows flaw to crash vulnerable machines and Symantec fixes a Brightmail AntiSpam flaw. Continue Reading
By- SearchSecurity.com Staff
-
Feature
31 Jul 2006
Beyond HIPAA and GLBA
Most firms are familiar with HIPAA, Gramm-Leach-Bliley and Sarbanes-Oxley, but newer regulations are pushing certain industry sectors to adopt strong authentication Continue Reading
-
News
30 Jul 2006
EqualLogic updates storage provisioning software
Users have more options when it comes to pooling storage with version 3.0 of EqualLogic's array software, but some are wondering whatever happened to the SAS disks. Continue Reading
By- Beth Pariseau, Senior News Writer
-
News
26 Jul 2006
Mozilla issues critical security updates
New patches to fix 13 software security flaws, eight of which have been deemed critical. Continue Reading
By- Eric Parizo, Senior Analyst
-
News
26 Jul 2006
DHS puts Zitz in charge of cybersecurity division
American career intelligence officer Robert S. Zitz has taken over day-to-day operations of the US National Cyber Security Division, but his department still has numerous digital defence problems to remedy. Continue Reading
-
News
26 Jul 2006
Blue Cross bears burden of 'no wireless' policy
Blue Cross of Idaho had a "no wireless" policy on paper but never really enforced it. That is, until a team of auditors said the company had better do something. Continue Reading
By- Andrew R. Hickey, News Writer
-
News
25 Jul 2006
Employee monitoring should be done with care
Employee monitoring is on the rise as firms try to safeguard their sensitive information and increase productivity. Continue Reading
By- Gary S. Miliefsky