Jose Diaz of Thales e-Security discusses the potential migration to Chip and PIN in the US. Diaz explains how this transition could improve security of our payments infrastructure. 02 September 2010
With the proliferation of Web 2.0 services, security concerns have escalated. Davey Winder investigates how infosec vendors are addressing these challenges and wonders whether security 2.0 actually exists 31 August 2010
Peter Eicher of Syncsort draws from his 16 years of software industry experience to outline five data protection imperatives that organizations should consider during virtual server planning. 30 August 2010
In order for data centers to guarantee the security of their most valuable asset – that is, data – they must identify critical control points where data is at its most vulnerable. One of these critical control points is when data is at rest, particularly data stored on hardware and storage devices. Bret Weber, chief architect at storage and networking provider LSI, looks at how data centers can utilize self-encrypting hard drives to protect data-at-rest. 26 August 2010
Although some collaborative strides have been made, the international law enforcement community still lacks sufficient resources and skills to have substantial impact on the cybercrime juggernaut. The (ISC)² U.S. Government Advisory Board examines deterrent effects of recent high-profile prosecutions, legislative gaps, challenges in US cybercrime laws, and obstacles facing international law enforcement strategies. 25 August 2010
AirTight Network’s Ajay Kumar Gupta says it’s no coincidence that cybercriminals like to use WiFi connections. Here he provides an overview of the reasons why, and what can be done to prevent them from using your wireless network as an accomplice. 16 August 2010
Cloud computing – it’s an industry buzz word that is all the rage. The concept is hardly new, and many companies and organizations embraced cloud computing services long ago. However, as budgets remain strained, the push toward more economical cloud services remains ever-present. Stephen Pritchard asks the questions every enterprise needs to know about security when transitioning to the cloud 12 August 2010
Steve Brunswick and Jose Diaz from Thales outline the payment security standards landscape and explain how these various standards fit together when securing data at the point of sale 10 August 2010
No shortage of attention has been paid to the topic of cybersecurity as of late, especially with respect to the role of government. All talk aside, what is being done to address the threats, and how real are they? Drew Amorosi sits down with Charles Palmer, the director of IBM’s Institute for Advanced Security, and learns that although the US may have cybersecurity challenges, the first step toward recovery is admitting that we have a problem 05 August 2010
Aviation security and information security are inextricably linked. So much of what makes up aviation security depends on sound information security; encompassing the protection of intelligence, procedural, systems, and network data. For all-too-obvious reasons, much of what goes on behind the scenes at airports with respect to information security is a closely guarded secret, whether it is the alphabet soup of governmental agencies in play or the airlines themselves. Drew Amorosi reports 04 August 2010
From ‘Hotel California’ to ‘Lyin’ Eyes’, songs by the rock legends have useful infosecurity lessons for enterprises. Nick Lowe, Check Point’s head of sales for Western Europe, shows you the signs 03 August 2010
Idappcom CEO Ray Bryant discusses how to step up your security defenses by measuring current effectiveness and enhancing your security solutions. 27 July 2010
Standards cover much of the field of information risk management, but there is an art to the rational understanding and mitigation of risk that is more about skill than knowledge. Brian McKenna uncovers how the discipline can be practiced with a cool head and a calm stomach 21 July 2010
Meridian’s Paul Johnson examines the differences between CSO and CISO and makes the case as to why small and medium-sized organizations must consider logical security training if they choose to employ an all-encompassing CSO, rather than separating logical security responsibilities out to a CISO. 19 July 2010
Ill news travels quick and far, or so the saying goes. But how well is security-related news covered in the press, and what are people writing about? Danny Bradbury investigates 15 July 2010
Legend has it that the late West Virginia Senator Robert Byrd carried a copy of the US constitution in his pocket at all times while on the floor of the Senate. Infosecurity's Drew Amorosi shares his opinions as to why Facebook's Mark Zuckerberg should do the same, or at the very least a current text on civil liberties. 29 June 2010
The latest in a series of wireless security articles from AirTight Networks’ Ajay Kumar Gupta examines rogue access point scenarios that could affect corporate networks (or any network for that matter). 24 June 2010
Change is the only constant in security – new users, new apps, growing networks and new threats mean recurring headaches for security teams. So how can IT stay ahead of change when everything is in flux? Gidi Cohen of Skybox Security shows how 14 June 2010
This past February, Microsoft, along with industry partners and academic researchers, spearheaded an effort to take the Waledac botnet offline. Drew Amorosi provides a detailed account of just how the cooperative endeavor was able to halt – at least temporarily – the notorious spam serving network. 08 June 2010
IT budgets continue to be squeezed while malware challenges become more formidable each day. Matt Allen of Norman Data Defense Systems discusses how sandboxing technologies can deliver on cost-effectiveness and timeliness claims by doing high-volume malware analysis in a safe environment. 07 June 2010
Network mistakes constantly happen throughout the day and are the bane of the network manager. Reuven Harrison, CTO of Tufin Technologies, provides some excellent hints and tips for network managers 03 June 2010
System logs haven’t really changed since the days of the IBM 360, but the need to manage them effectively for security purposes certainly has. Danny Bradbury finds out why log management is so important – and why we aren’t doing it properly 02 June 2010
How much do data breaches really damage organizations financially – and why don’t we want to hear about it? Danny Bradbury investigates 24 May 2010
The first PCI DSS compliance deadline is approaching in September, and with that comes the ever-growing concerns over protecting payment card information transmitted over wireless connections. Ajay Kumar Gupta of AirTight Networks discusses the various SaaS offerings that allow small and medium-sized business to achieve compliance while improving WiFi security. 24 May 2010
Bob Janssen of RES Software examines how secure desktop virtualization can be achieved using a context-centric approach 20 May 2010
How can businesses deliver flexible, scalable and secure remote access to staff during contingencies, while controlling costs? Check Point’s Nick Lowe describes a new approach to the problem 17 May 2010
Early in his term, President Obama promised to address the issue of cybersecurity by continuing and even expanding upon the efforts of the previous administration. Lauren Moraski surveys experts in the field, providing an assessment of the job the new president is doing so far to address this issue 13 May 2010
Great standards now exist for drafting security policies, but how do you make it real among corporate populations beset by recession, up for the outsourcing chop, and addicted to Facebook? Brian McKenna reports 10 May 2010
Electronic health records are supposed to improve the efficiency and accuracy of healthcare delivery. However, with electronic records come security headaches, and the potential for data breaches. John Sterlicchi examines what the industry is doing thus far to facilitate a secure transition toward electronic health records 05 May 2010
Have you ever wondered what your boss does all day long to earn that lucrative salary? For those of you who yearn for the top seat, Davey Winder reveals what it’s like to live a day in the life of an average CISO 26 April 2010
Infosecurity’s Drew Amorosi shares his opinions on the recent dismissal of Pennsylvania’s CISO and the role that open dialogue played in the decision 21 April 2010
SEO poisoning is an increasingly popular method of attack for cybercriminals, and one that shows they are using more sophisticated techniques. In the last year, attackers have poisoned search results on everything from the MTV Video Music Awards to Google Wave invitations. Patrik Runald of Websense asks what makes these attacks such a success, and what does this mean for 2010? 12 April 2010
IOActive’s Joshua Pennell implores AMI vendors to use a secure development lifecycle to maintain the security and availability of ‘smart grid’ technologies 12 April 2010
Geoff Webb of NetIQ asks if we really can achieve greater security by rushing to invest in the latest security tools that vendors have to offer. His thoughts may surprise you. 08 April 2010
Cheryl Klein of GRC Consulting believes that a focus on automation is the single best way to keep compliance costs manageable, especially for medium and smaller-sized businesses 07 April 2010
Ajay Kumar Gupta of AirTight Networks examines how new Wi-Fi capabilities in Windows 7 can lead to unauthorized network access and subsequent security issues 01 April 2010
Simone Seth from the Information Security Forum asks if we are winning the fight against the cyber criminals 29 March 2010
John Poulter of Informatica examines why IT security professionals in both the private and public sector are primary combatants in the global War on Terror. He explores options on aiding this process, and how to do so without ‘breaking the bank’ 18 March 2010
With more than 30 000 web pages being compromised every day, search engine results could increasingly lead to malware infection. Kari Larsen asks what the search engines are doing to mitigate security threats, and how users can protect themselves 15 March 2010
The recording industry continues to lose billions of dollars each year, along with tens of thousands of jobs, all thanks to illegally downloaded files. Lauren Moraski examines what is being done to combat the drain on this sector 10 March 2010
Browsers are the hacker’s window into your PC – but how are they compromised, and what are vendors doing to harden them? Danny Bradbury examines the techniques vendors are employing, and looks at why user education is one of the primary solutions for increased security 08 March 2010
IT security trade shows are an important part of the industry, but taking time off from your regular duties and travelling to the event can be an expensive and time-consuming job in itself. Veteran show-goer Steve Gold explains how it’s done 25 February 2010
Managing the security of the 2010 Olympic Games in Vancouver is no mean feat. Danny Bradbury went behind the scenes at the Olympic site to talk to the people who are tasked with ensuring the event goes smoothly 24 February 2010
Ajay Kumar Gupta of AirTight Networks reviews some of the most common reasons why corporate Wi-Fi users connect to unauthorized networks and what can be done to combat the problem. 17 February 2010
Using reputation in the security field makes users safer. Danny Bradbury takes a look at file reputation technology, and finds that if carefully managed and skillfully honed, it can be a useful addition to a security suite 04 February 2010
Morey Haber of eEye Digital Security believes that information security is a horizontal issue that we regulate vertically. Here he examines why this tactic is putting us all at risk. 02 February 2010
Senior IT security veteran Michael Oberlaender explains why availability, integrity, and confidentiality of information are all vital to an organization’s goals and reputation. He also examines the balancing act of security, costs, and functionality that must be evaluated by any IT security professional. 22 January 2010
People have long been accused of being the ‘weakest link’ in information security, but what if lack of usability and security training is actually at the heart of the matter? Wendy M. Grossman investigates 27 November 2009
Multinational companies in North America face a raft of red tape in terms of compliance and regulatory issues, as well as the uphill task of dealing with the complexities of international IT systems and resources. Steve Mansfield-Devine asks how companies can stay within the regulatory confines of relevant information security legislation without compromising profitability 19 November 2009
Information security has become an unavoidable issue for banking and other financial services organizations globally, and recently many of these organizations have turned to compliance, regulations and industry standards to secure their data and information infrastructure. John P. Pironti reports 13 November 2009
What makes a good digital forensics specialist? Steve Gold looks at some of the latest applications and investigates how the IT forensic investigator’s role has evolved in order to comply with changing customer priorities 06 November 2009
Ethical hacking seems to be a contradiction in terms, but what better way of making enterprises pay attention to their security flaws, than by acting like criminals? William Knight investigates 30 October 2009
As mobile working proliferates, boardroom staff is hitting the road with their laptops. Largely unconcerned with backing up their all important data, IT managers back in the office need to automate and secure this process. Steve Gold looks at how to secure a very mobile Board 26 October 2009
The proliferation of information security qualifications, standards and membership associations has reached a level whereby a degree of confusion is understandable. Peter Drabwell introduces some of the qualifications and associations out there 15 October 2009
Back in the day, telecommunication companies focused purely on voice calls. Then, data services and broadband access became common. The latest generation of services focuses on managed security, says John Sterlicchi – and it could revolutionize the industry 25 September 2009
As the Conficker worm proved when it first appeared in October 2008, there’s more to a piece of malware code than meets the eye, especially when it is self-updating. But can self-updating also mean self-modifying? Steve Gold investigates whether an IT security manager’s nightmare has become a programming reality 18 September 2009
There appears to be no such thing as a ‘typical’ IT or information security career, and the discipline is accustomed to benefitting from transferable skills that newcomers bring from past experience and careers. Peter Berlich looks at why the information security industry is attracting a high number of qualified individuals from fields like IT, engineering and sciences 10 September 2009
Today’s CISO needs a range of skills in order to market the security effort effectively to the rest of the business. The (ISC)² US government advisory board executive writers bureau explores some strategies that can help ensure support from the rest of the organization 04 September 2009
As the popularity of social networking sites continues to mount, it becomes increasingly important to consider the information security risks posed in the context of a wider data loss prevention and reputation management strategy. Cath Everett reports 20 August 2009
Protecting intellectual property (IP) is imperative for any business. Providing a unique business model will encourage revenue, and keeping selected information from ambitious soon to be ex-employees should help to stave off the competition. Add a recession to the mix, complete with unscrupulous tactics, legal grey areas and an increase in redundancies, and the brewing threats might just boil over. Rob Stringer looks into the not-so-secret formula for keeping intellectual property secure 07 August 2009
As we stand on the cusp of a massive healthcare modernization program, we face increasing challenges over healthcare data privacy. Danny Bradbury explores what’s happening in the US from a technological perspective, and what it means for our sensitive data 03 August 2009
RFID security may still be in its infancy, but, as Steve Gold discovers, the technology is rapidly becoming pervasive and an integral part of the everyday IT security landscape, despite significant teething problems 01 August 2009
The IT and information security industries need to pay more attention to the electricity grid in the near future as more and more smart grids are set up with two-way communication systems. Simon Perry, principal associate analyst at Quocirca, explains why 20 July 2009
The development of virtual servers and cloud computing has brought with it a new information security problem - artificially intelligent (AI) superbots. Steve Gold explains what can be done to defend against this totally new genre of information security threats 14 July 2009
As the recession continues to chew into information security budgets, and cyber criminals see increased opportunity for looting, CIOs must ensure that defenses remain strong and affordable, even if this means a little bargaining. Stephen Pritchard looks at how organizations can negotiate the rough seas ahead. 06 July 2009
PCI DSS has been criticized as being both too prescriptive and too vague. The standard’s effectiveness has come under scrutiny once again as PCI compliant organizations have suffered huge data breaches in recent times. Danny Bradbury looks at the standard to find the root of the problem 26 June 2009
The oil and gas industries are natural targets for cyber-criminals due to sensitive data and very deep pockets. With the introduction of newer IT technologies, such as wireless and even social networking, the jobs of the information security teams are not getting any easier. John Sterlicchi reports 24 June 2009
Green IT has gone mainstream. The last year has seen corporations such as Citigroup establishing their environmental credentials by opening green data centers. But how do the separate disciplines of green IT and information security come together? Robin Arnfield reports 15 June 2009
While the information security world has had its attention fixed on data loss prevention since the TJX breach in early 2007, it has failed to acknowledge the rising issue of data integrity attacks. Sarb Sembhi investigates a threat that he predicts will soon take the industry by storm. 08 June 2009
Virtualization is a welcome medicine for many of IT's irritating symptoms. But is there a risk that basic information security hygiene will suffer as a result? William Knight investigates 01 June 2009
Over the past two decades, outsourcing and offshoring have become central to the business strategy of many organizations. The ongoing race to cut costs has resulted in mass migrations of whole industry sectors from low-cost regions to lower-cost ones, benefitting one and often distressing another - and the information security industry is no exception. Krag Brotby reports. 22 May 2009
The financial system is considered part of the critical national infrastructure as far as the USA is concerned. Danny Bradbury asks what steps are being taken to protect the stock market, and the companies that use it? 18 May 2009
An absence of legislation and the presence of a laissez-faire attitude has resulted in Canada being rather lax when it comes to information security compliance. Robin Arnfield looks at how US standards are driving the Canadian information security marketplace 01 March 2009
Silicon Valley, home to some of the world’s most talented IT security professionals, and housing many of the IT security market’s biggest players, is a hub of innovation. But the Valley hasn’t always been famed for its offerings in IT technology, and with bio-tech sweeping the Valley as the next big thing, it may soon re-invent itself once more. Eleanor Dallaway visited the Bay Area to talk to the people that are witnessing this evolution first-hand… 01 February 2009
Critical national infrastructures such as the National Grid, water and other utility networks have SCADA technology at their heart, but how are these systems protected against hacker, malware and terrorist attacks? Steve Gold spoke to the major players in this important, but little-understood, side of the security industry 01 January 2009
Career loyalty is an endangered creature. Unlike our predecessors, today’s workforce is unlikely to stay committed to a job for five years, let alone their entire lives. But with such a fluid stream of employees keeping human resources busy, and countless eyes being cast over company data, Rob Stringer investigates how sensitive information can stay faithful to its organization, even if its staff don’t... 01 January 2009
Cyberthreats are increasingly a national security issue, and evidence suggests that the US is not adequately prepared for attacks across the network. Obama’s promise to appoint a Federal CTO is promising, but what else needs to be done to ensure that cyber-enemies are kept at bay? Danny Bradbury reports 01 January 2009
Satisfying the regulatory frameworks associated with public sector defense projects is just one hurdle that the aerospace sector must overcome. Danny Bradbury looks at the sector’s challenges and finds that a single, cohesive security structure could be the answer 01 January 2009
Many manufacturers, ignorant to the value of their trade secrets, are leaving their intellectual property wide open to theft. John Sterlicchi reports. 01 August 2008
Suzanne Hall, chief information officer of the Washington Nationals baseball team, talks to Greg Valero about the unique IT security challenges associated with opening a new ballpark in the nation’s capital 01 June 2008
VoIP is inevitable. Even if your organization has not yet adopted the system, you will be making VoIP calls in one way or another before very long. But should we be concerned? William Knight investigates 01 June 2008
Employee surveillance is near ubiquitous, but it may be damaging both staff performance and morale, say Adam Joinson and Monica Whitty... 01 February 2008
Securing IT means coping with Donald Rumsfeld’s ‘known unknowns’ – expected attacks whose nature is a surprise. Concepts from medicine, game theory and crowd sourcing may help, finds Danny Bradbury 01 February 2008