-
24 Apr 2012 Countering cloud computing threats: Malicious insiders
Learn the questions to ask in order to vet your cloud provider’s hiring practices and administrative controls.
Investigation reveals serious cloud computing data security flaws
Context Information Security found that data stored by a cloud customer could be accessed by the next customer to spin up a VM on the same disk.
-
19 Apr 2012 Experts differ on European ‘cookie law’ advice (Security Bytes Blog)
U.S. firms with European customers are wondering about the new “cookie law.” Experts have different advice for European cookie law compliance.
-
17 Apr 2012 Should the new Google privacy policy concern enterprises?
Google’s tentacles reach deep into most enterprises, but should enterprises worry about the new Google privacy policy? Expert Michael Cobb discusses.
-
11 Apr 2012 Windows 8 authentication: An examination of the new cloud-based option
A look at the new cloud-based authentication feature included in the latest version of Microsoft’s operating system.
-
10 Apr 2012 Finding mobile device security training courses for IT admins
Expert Davey Winder suggests some good security training courses for the IT administrator who must manage their organisation’s mobile devices.
-
09 Apr 2012 How to test a firewall: A three-step guide for testing firewalls
There are three steps when testing firewalls for your organisation. Expert Joel Snyder explains how to test a firewall.
-
04 Apr 2012 Industry is doomed by automation, misguided IT security strategy, experts warn
Blunt experts at InfoSec World said enterprise IT security strategy often misses the mark, but some attendees suggested the experts are out of touch.
-
02 Apr 2012 Some CISOs consider ripping out or augmenting outdated SIEM systems
Outdated SIEM systems were difficult to deploy and costly to maintain, according to one expert. Today, CISOs are considering highly integrated, lightweight systems with more automation.
-
30 Mar 2012 SIEM deployment case study shows patience is required
Williams Lea’s SIEM is already helping reduce manual log reviews. But there’s still a lot of work to be done before the SIEM can be fully deployed.
-
28 Mar 2012 Information security career paths leading to security specialist jobs
Recruiter Peter Rendall sees information security career paths leading toward security specialist jobs; SIEM, DLP and analysis are especially hot.
-
26 Mar 2012 CSP security: Industry groups work to improve cloud transparency
Organisations need insight into their cloud providers’ security. Industry groups are tackling the cloud transparency challenge.
-
22 Mar 2012 Verizon 2012 DBIR recommends log analysis and password management
The 2012 DBIR highlights prevalent problems with simple, relatively inexpensive recommendations.
Verizon DBIR 2012: Automated large-scale attacks taking down SMBs
The Verizon DBIR says cybercrime groups automate attacks against SMBs with lax controls on remote access services and point-of-sale systems.
-
14 Mar 2012 Securing the SIEM system: Control access, prioritize availability
The prospect of a SIEM system crash should scare any enterprise. Guard against a compromised SIEM system to protect the security nerve center.
-
12 Mar 2012 PCI virtualisation compliance: Three steps for PCI compliance in the cloud
PCI compliance in the cloud is tough but implementing these strategies can help.
-
06 Mar 2012 How to manage the compliance cycle to improve your compliance strategy
Too often, organizations jam all their compliance tasks into the quarter when the audit is due. Read advice for reducing compliance fatigue.
-
01 Mar 2012 Copycat apps, runaway coding a growing threat, RSA panel says
Despite application store controls set by Apple and Google, a panel of mobile application security experts says the potential exists for weaponized applications.
Dan Kaminsky offers unconventional wisdom on security innovation
Luminary Dan Kaminsky, known for his DNS research, pushed RSA Conference 2012 attendees toward security innovation by upending conventional wisdom.
Hacking back puts security on the offensive
Two penetration testers at RSA Conference 2012 explain how enterprises can hack back against attackers and stay within legal and ethical boundaries.
-
29 Feb 2012 Developers must improve mobile app security or face backlash, experts say
Poorly coded mobile applications and the inability to protect the back-end systems supporting them harm the integrity of the entire application ecosystem, said software security expert Jacob West...
Security pros need to get in front of cloud computing trend, RSA panel says
Security teams need to innovate and adapt to cloud, according to CISO panel
-
28 Feb 2012 RSA Conference 2012 keynote prescribes intelligence-driven security
RSA’s Arthur Coviello urged security pros to break down silos and intelligence-driven security programs, or face a tough year.
Research into cryptographic system limitations crucial, RSA panel says
Researchers testing some of the most relied upon cryptographic algorithms are making progress in breaking them, according to experts on the 2012 RSA Conference Cryptographer’s Panel.
-
22 Feb 2012 IBM QRadar adds X-Force threat intelligence to SIEM system
Big Blue unveils integration of its Q1 Labs acquisition giving IT security pros the ability to add rule-based alerts using threat intelligence feeds.
-
16 Feb 2012 Adobe issues Flash Player update, fixes Adobe XSS zero-day flaw
An Adobe Systems security update fixed seven critical flaws in Flash Player, including a cross-site scripting vulnerability being actively targeted by attackers.
Using Burp Suite proxy tool to examine client-side requests
The free Burp Suite proxy tool can be used for good or for bad. Expert Rob Shapland provides usage scenarios for both.
-
15 Feb 2012 Open source software security issues: How to review OSS for security
A reader asks how to judge the security of open source software products. Expert Michael Cobb lists three areas to check.
-
01 Feb 2012 SaaS security: Weighing SaaS encryption options
A look at SaaS encryption techniques and challenges.
-
23 Jan 2012 Android security settings and controls for Android enterprise security
Can Androids ever be secure enough for corporate use? Learn about Android security controls to enable effective Android enterprise security.