IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
20 Nov 2024
Government issues strategic priorities for online safety regulator Ofcom
Technology secretary Peter Kyle sets out the government’s strategic priorities for how Ofcom should approach regulating online safety, including embedding safety by design and supporting innovation in technologies to help protect people online Continue Reading
-
News
19 Nov 2024
AI readiness stalls in APAC
Despite significant investment in AI, only 15% of organisations in Asia-Pacific are ready to deploy the technology today, according to Cisco’s latest regional AI readiness survey Continue Reading
-
News
24 Jul 2006
Security Bytes: New Microsoft exploits in the wild
The exploits target issues Microsoft patched earlier this month. Meanwhile, flaws are reported in Oracle for OpenView and a Mozilla Firefox keystroke logger is on the loose. Continue Reading
-
News
18 Jul 2006
Midsized firms reach out to backup service providers
Data growth and ever-tightening compliance rules are among the factors driving some organizations to turn to service providers for help with backups. Continue Reading
-
News
14 Jul 2006
CSI survey: Data breaches still being swept under the rug
The annual CSI/FBI Computer Crime and Security Survey shows companies are reporting fewer financial losses from data breaches. That doesn't mean the good guys are winning. Continue Reading
- News 14 Jul 2006
-
News
13 Jul 2006
Security Bytes: Investigators slam VA over data breach
Meanwhile: Cisco patches a router application flaw, a Washington law firm sues IBM over a server attack; and spammers sucker Web surfers with fake Vladimir Putin death reports. Continue Reading
-
News
13 Jul 2006
Trojan targets Microsoft PowerPoint flaw
Update: The exploit might be tied to an older flaw in Excel. Attackers who exploit the serious flaw could launch arbitrary code. Microsoft says it is investigating. Continue Reading
-
News
11 Jul 2006
Critical flaws found in Excel, Flash Player
FrSIRT says holes in Microsoft's spreadsheet program and Adobe's media player could allow attackers to take control of affected machines and initiate malicious commands. Continue Reading
-
Feature
11 Jul 2006
Inside MSRC: Debunking Excel exploits
Microsoft's Christopher Budd puts the magnifying glass to Microsoft's July bulletinsand says one alleged Excel exploit isn't what it seems. Continue Reading
-
News
11 Jul 2006
Looking ahead to life without passwords
Security pros know that passwords are nothing but trouble. For them, single-sign on, two-factor authentication and federated ID represent the path to stronger authentication. Continue Reading
- News 10 Jul 2006
-
News
10 Jul 2006
Security Bytes: Data breach affects 100,000 military personnel
Meanwhile: Phishers use a phone trick to dupe PayPal users; the PCI security standard will get more teeth and a survey illustrates an increase in security breaches Continue Reading
- News 10 Jul 2006
-
News
06 Jul 2006
Strong authentication for businesses large and small
Product review: Customer service could return calls more quickly when there's a problem. But overall, RSA SecurID Appliance 2.0 delivers robust, scalable protection. Continue Reading
-
News
26 Jun 2006
Dundee to teach ethical hacking BSc
A degree in ethical hacking will be on offer at a Scottish university from the new academic year. Continue Reading
- News 13 Jun 2006
-
News
01 Jun 2006
FullArmor lives up to its name
PolicyPortal provides an Internet interface to easily configure, monitor and enforce near real-time Active Directory-based policy compliance through client agents. Continue Reading
-
News
01 Jun 2006
BlueCat appliance offers rock-solid security
Hot Pick: The Adonis 1000 appliance bundles DNS and DHCP into an enterprise-class appliance for the centralized secure operation of network addressing. Continue Reading
-
Tip
27 Apr 2006
How to create and enforce employee termination procedures
In this Ask the Expert Q&A, Shon Harris, our security management expert, reviews how the the security group, HR and management should work together to define and enforce employee termination policies, and reviews what should be done during each stage of employment. Continue Reading
-
Feature
11 Apr 2006
Questions that need to be answered on NHS IT plan
Four years ago the government announced to a grateful NHS a national IT programme that would become the world's largest civil computer scheme. Continue Reading
-
News
28 Mar 2006
Outsourced way to hire contract staff
IT services company FDM has launched a "straight through" recruitment service to help IT departments in the finance sector recruit contract staff. Continue Reading
- News 07 Mar 2006
-
Feature
02 Mar 2006
Industry chiefs to declare war on for-profit cyber criminals
IT industry leaders reaffirm the importance of security to a digital economy beset by money-driven cyber criminals. Continue Reading
-
News
27 Feb 2006
Not just a big switch
Fibre Channel directors don't just provide lots of ports, they also offer ways to connect disparate SANs, isolate data and devices within a fabric, and configure throughput for specific applications. We look at how the big three directors match up. Continue Reading
-
Feature
17 Feb 2006
Be careful you don't get more than you pay for with VoIP
Implementing VoIP is attractive for all companies in particular SMBs. However, there are issues to address that may cost you more than what you save Continue Reading
-
News
20 Jan 2006
Tech roundup: WAFS products
A guide to wide-area file services (WAFS), which allow distant users to access files and applications from the datacentre as if they were local. Continue Reading
-
Feature
09 Jan 2006
Voicing concerns on Skype
Skype has blazed a trail in the Voice over IP arena; its popularity hasn’t gone unnoticed by the hacker community however Continue Reading
-
News
21 Dec 2005
Sony struggles to regain trust
The company is trying to mend a reputation bruised over its antipiracy practices. One advocate for online civil liberties explains why redemption is a long way off. Continue Reading
-
News
20 Dec 2005
Guidance turns investigative tools on itself
The forensics software firm says it was compromised by hackers in November. It's just one in a growing list of companies admitting to recent attacks or lax security. Continue Reading
-
News
14 Dec 2005
Flaws reported in Trend Micro ServerProtect
Storage and security managers should be wary of vulnerabilities in the AV product that could enable a denial-of-service and malicious code execution. Workarounds are available. Continue Reading
-
News
14 Dec 2005
Hospital ditches EMC Centera for long-term archiving
UHCS in Augusta, Ga., is replacing its Centera archiving system from EMC with IBM's GMAS product after performance, reliability and cost issues forced it to seek alternatives. Continue Reading
-
News
14 Dec 2005
Roundup: 2005's 'curious malicious code'
These viruses, worms and Trojans sometimes escaped our notice. But it didn't get past one antivirus vendor, who rounded up some of the year's stranger offerings from the underground. Continue Reading
-
News
12 Dec 2005
Two Windows patches coming, IE fix uncertain
It remains to be seen whether the software giant on Dec. 13 will address an outstanding Internet Explorer issue that is currently the target of a malicious Trojan. Continue Reading
-
News
12 Dec 2005
Titan Rain shows need for better training
SANS says the Chinese-based attacks demonstrate the growing sophistication of hackers, and the need for IT admins who can articulate the dangers to execs. Continue Reading
-
News
12 Dec 2005
Experts: Encryption not a security cure-all
Encrypting data offers some protection, but secure applications require much more than cryptography. Experts weigh in on your security options. Continue Reading
-
News
08 Dec 2005
IP cloaking becoming a business necessity
Just by browsing your competitor's Web site, you might be giving away your company's most guarded secrets. Experts offer advice for countering the subterfuge and keeping secrets safe. Continue Reading
-
News
07 Dec 2005
Security pros gain ground in the board room
Executives are paying more attention to their IT security managers and taking more responsibility for online threats against their companies, according to a new study. Continue Reading
-
News
06 Dec 2005
Cybersecurity policy takes cooperation, trust, experts say
At the Infosecurity confab, experts explain why sharing information -- even when it's embarrassing -- is vital to securing not only corporations, but also the national infrastructure. Continue Reading
-
News
30 Nov 2005
Out-of-cycle IE patch may be imminent
Microsoft may release a critical Internet Explorer fix before the next Patch Tuesday, amid reports that malicious code is targeting a memory corruption flaw. Continue Reading
-
News
28 Nov 2005
Step 6: Configuring wireless clients
With wireless networks proliferating it is a good idea to understand what it takes to build a VPN for a wireless gateway. Contributor and Microsoft MVP Brien Posey details the necessary steps in this step-by-step guide. Continue Reading
-
News
21 Nov 2005
Wireless security: Public Wi-Fi could open security holes
A Michigan county is working to give everyone within its borders wireless Internet access. But when it comes to security, users are on their own. Continue Reading
-
News
20 Nov 2005
Wireless security crucial to railway safety
A transportation firm uses wireless technology to keep the trains running on time. But securing mobile devices isn't easy when they're spread across the globe. Continue Reading
-
News
16 Nov 2005
Wireless security: Companies deal with software updates
A health care provider found it could use wireless technology to dramatically boost patient care. But first it had to figure out how to deploy security updates over a wireless network. Continue Reading
-
News
14 Nov 2005
Hackers installing keyloggers at a record rate
iDefense researchers have found that keylogger infections are up 65% over the year before, putting the private data of tens of millions of users at risk. Continue Reading
-
News
14 Nov 2005
Sony rootkit uninstaller causes bigger threat
Princeton researchers say a security hole that appears when users try to remove Sony's copy protection software presents an even greater risk than the original rootkit. Continue Reading
-
News
10 Nov 2005
Security Bytes: FTC cracks down on alleged spyware distributors
Patches fix serious RealPlayer flaws, IM malcode launches phishing attacks; Microsoft warns of Macromedia Flash flaw; Liberty Alliance pushes stronger authentication; FEMA data security is in question; patches fix Veritas flaws and TransUnion suffers a security breach. Continue Reading
-
News
09 Nov 2005
Trojans target Sony DRM and Windows
Security researchers track two new Trojan horses. One exploits the Sony DRM program. The other could possibly take aim at the Windows flaw Microsoft patched this week. Continue Reading
-
News
08 Nov 2005
Sony takes second stab at DRM patch
But a top executive's response to criticism over the company's use of rootkit technology has added fuel to the backlash. Continue Reading
-
News
24 Oct 2005
Reporter's Notebook: NYC 'controls the software industry'
At Information Security Decisions: a security "rock star" rages against the Microsoft machine; banging the drum for enterprise security; a sour note on zero-day exploits. Continue Reading
-
News
19 Oct 2005
Elements of a data protection strategy
In this excerpt from Data Protection and Lifecycle Management, Tom Petrocelli addresses the importance of securing data for regulatory compliance and outlines the five components of a data protection strategy. Continue Reading
-
News
17 Oct 2005
How avian flu could threaten IT security
Experts say a potential bird flu pandemic could have a disastrous effect on IT infrastructures. But if companies plan well, those infrastructures could also help minimize chaos. Continue Reading
-
News
12 Oct 2005
Quiz: What's your infosec IQ?
We've collected our toughest questions to see how well you stand up to a challenge. Put your knowledge to the test and let us know how you do. Continue Reading
-
News
27 Sep 2005
Secure your extended enterprise
How do you achieve the fine balance between ensuring that there is truly free access to sensitive information, without sacrificing security? Continue Reading
-
News
26 Sep 2005
Secure the interests of your extended enterprise
How do you achieve the fine balance between ensuring that there is truly free access to sensitive information and applications from both inside and outside the firewall, without sacrificing security? Continue Reading
-
News
22 Sep 2005
Who best to avert data security disaster: government or business?
People look to government to prevent catastrophe. But in the Information Age, some of those people, namely those working in IT shops, need to do their part to protect us. Continue Reading
-
News
22 Sep 2005
Telework key to surviving security disaster, expert says
Cybersecurity Industry Alliance Executive Director Paul Kurtz explains why telework may be crucial to surviving The Big One. Continue Reading
-
News
21 Sep 2005
Catastrophic cyberattack unlikely, experts say
Predictions of a cataclysmic disaster have been around for awhile. But one security officer cites reasons why the Internet can never be brought down. Continue Reading
-
News
20 Sep 2005
SAS drives product roundup
Serial-attached SCSI (or SAS) drives offer significant storage capacity at a much lower cost, while maintaining reasonable performance. Find out who the vendors are in this market. Continue Reading
- News 20 Sep 2005
-
News
20 Sep 2005
Insider threat seen as biggest data security issue
Whether they oversee physical or online defenses, security officers say the disaster scenario that scares them most begins with an insider with malicious intentions. Continue Reading
-
News
18 Sep 2005
Ensure that legal responsibilities are clear -- Especially when trouble strikes
Excerpt from Chapter 15 of Information Nation Warrior: Information Management Compliance Boot Camp. Continue Reading
-
News
11 Sep 2005
VoIP turns up the heat on firewalls
New research shows that many organizations are increasingly concerned about VoIP security and plan to augment their firewalls within the next year, changing the landscape of the firewall market. Continue Reading
- News 06 Sep 2005
-
News
05 Sep 2005
IE 7.0 may usher in wave of RSS exploits
Experts warn that Web-feed enhancements in Microsoft's new Web browser may be just the thing crackers need to compromise networks and private data. Continue Reading
-
News
05 Sep 2005
Extending perimeters
The news that, up until 2006, 70% of successful wireless local area network (WLAN) attacks will be because of the misconfiguration of WLAN access points and client software is disquieting on a number of levels. Continue Reading
-
News
30 Aug 2005
Myfip's Titan Rain connection
LURHQ researchers say the Myfip worm is a good example of the malcode Chinese hackers are using in the so-called Titan Rain attacks against U.S. government networks. Continue Reading
-
News
30 Aug 2005
Antivirus can introduce dangerous network security holes into any OS
AV software is one of the most basic security steps available. It's also yet another gateway for security breaches. Continue Reading
-
News
30 Aug 2005
Passive fingerprinting: Applications and prevention
In this excerpt from the book Silence on the Wire, author Michal Zalewski discusses both malicious and beneficial uses for passive fingerprinting, and how to prevent successful passive fingerprinting on your network. Continue Reading
-
News
26 Aug 2005
High profile breach brings security to top of agenda
There’s nothing like an apparent breach at a global company to concentrate the mind when it comes to information and data security. Continue Reading
-
News
16 Aug 2005
Reduce risks of disaster recovery testing
Untested business continuity plans can leave your firm in the lurch, but taking down live environments is risky and complicated. Continue Reading
-
News
02 Aug 2005
Raising risk prospects with a new SQL injection threat
"Inference attacks" could deliver up your so-called secure database to an attacker. Continue Reading
-
News
31 Jul 2005
Attack: USB could be the death of me
Seemingly innocent Universal Serial Bus driver bugs may allow device attacks that many won't see coming, according to Black Hat presenters. Continue Reading
-
Feature
28 Jul 2005
Lost at sea: securing the channel
As attacks seem to proliferate almost unabated, it’s worrying to think that of the three interested parties in the security technology market — the technology makers, the technology sellers and the technology users—not everyone shares a common view on the importance of the technology. Continue Reading
-
News
28 Jul 2005
Sarbox compliance costing companies
Companies’ required investments to attain compliance with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum (ISF). Continue Reading
-
News
27 Jul 2005
Cisco, Black Hat litigation comes to a close
The vendor and partner ISS settle their dispute over a presentation that resulted in criminal charges and cease and desist orders. Continue Reading
-
News
26 Jul 2005
VeriSign raises stakes in battle for threat intelligence
Not to be outdone by 3Com's "Zero-Day Initiative," VeriSign says it'll shell out more cash for hackers who provide vulnerability intelligence. Continue Reading
-
News
26 Jul 2005
Experts weigh in on spyware's defining moment
We asked IT professionals to review the spyware definitions proposed by a coalition of tech firms and security organizations. They found plenty of room for improvement. Continue Reading
- News 26 Jul 2005
-
Feature
22 Jul 2005
Business continuity keeps companies running
As we speak, it appears that disruption to IT services by the London bombings was minimised due to effective and realistic business continuity strategies. Sally Flood sees how you construct them. Continue Reading
-
News
21 Jul 2005
Users look for value boost from Microsoft licence rejig
Software Assurance needs to offer better support, say IT directors Continue Reading
-
News
21 Jul 2005
Sarbox draining corporate security budgets
Corporate investment to comply with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum (ISF). Continue Reading
-
News
21 Jul 2005
Can alcohol mix with your key personnel?
I persuaded our MD to hire a dedicated IT security expert. I am pleased with his work, but on several occasions he has smelled strongly of drink. How do I nip this in the bud? Continue Reading
-
News
12 Jul 2005
Sarbox challenge drains security budgets
International corporate spending on compliance with the Sarbanes-Oxley data security legislation has come at the expense of dealing with other security threats, according to the Information Security Forum. Continue Reading
-
Feature
06 Jul 2005
Phishing for the missing piece of the CardSystems puzzle
A banking insider examines the ties between customized phishing attacks this spring and the CardSystems breach announced soon after. Don't miss his revelations on how they're linked and what the phishers really needed. Continue Reading
-
News
06 Jul 2005
This is not your father's hacker
While Sasser author Sven Jaschan awaits the outcome of his trial this week in Germany, a new cybercrime report explains why the teenager is becoming an anachronism. Continue Reading
-
News
06 Jul 2005
PING with Karen Worstell
The Microsoft CISO discusses how she keeps Redmond and its products secure. Continue Reading
-
News
04 Jul 2005
Sasser author issues courtroom confession
Sven Jaschan's mea culpa was expected after he earlier admitted to creating the last major malware outbreak more than a year ago. Continue Reading
-
News
21 Jun 2005
Continuing education options for CISSPs: Top 10 ways to earn CPEs
Who says you can't have fun while earning CPE credits? Check out the top 10 ways to meet CISSP® and SSCP continuing professional education requirements. Continue Reading
-
Feature
19 Jun 2005
How to survive a data breach
When Colin Crook offers advice on how companies should deal a security breach, he speaks from experience. He was CTO of Citicorp [now Citigroup, parent company of Citibank] 10 years ago when a hacker penetrated the company's network.
Crook is now senior advisor to the Wharton Fellows at the University of Pennsylvania, a member of the New York Academy of Sciences; fellow of the Royal Academy of Engineering and co-author of "The Power of Impossible Thinking." He shared his experiences with customers of Framingham, Mass.-based ID management firm Courion Corp. during the company's Converge05 conference last week. Business executives, he argues, must do better at listening to others and understand security is about humans, not machinery.
In the first of a two-part question-and-answer feature, Crook explains how companies can survive the fallout from a data heist.
Continue Reading -
News
13 Jun 2005
Gartner underscores five overblown threats
Two Gartner analysts debunk five overhyped security risks they claim are causing companies to miss out on some key emerging technologies. Continue Reading
-
News
06 Jun 2005
Spyware removal checklist
A step-by-step guide on how to remove spyware using antispyware tools including Spybot -- Search and Destroy, and HijackThis. Continue Reading
-
News
06 Jun 2005
Know your enemy: Why your Web site is at risk
In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them. Continue Reading
-
News
06 Jun 2005
Developer's active content delivery checklist
Rules for developing secure dynamic content for an IIS Web server. Continue Reading
-
News
05 Jun 2005
Quiz: Secure Web directories and development, answer No. 3
Quiz: Secure Web directories and development, answer No. 3 Continue Reading
-
News
05 Jun 2005
Quiz: Secure Web directories and development, answer No. 4
Quiz: Secure Web directories and development, answer No. 4 Continue Reading
-
News
05 Jun 2005
Quiz: Secure Web directories and development, answer No. 5
Quiz: Secure Web directories and development, answer No. 5 Continue Reading
- News 05 Jun 2005
- News 05 Jun 2005
-
News
05 Jun 2005
Quiz: Secure Web directories and development
Evaluate your knowledge of Web threats and how to defeat them. Questions cover security risks of dynamically created content and proper security management. Continue Reading
-
News
04 Jun 2005
Top tools for testing your online security, part 2
Michael Cobb explains what tools are helpful in maintaining Web security, including security scanners, benchmarking tools, monitoring services and online resources. Continue Reading
-
News
04 Jun 2005
Life at the edge part 3: Resistance to failure
Learn how architecture, protocol and application-level protections work together to safeguard a Web infrastructure. Continue Reading