GFI Endpoint Security 3.0 Review
Businesses, from small to large, make a decent investment in firewalls, anti-virus, email and web content security filters to protect their networks against external threats. Yet any user with a USB device poses a tremendous threat to your data, no matter how good your external security is.
Published: Tuesday, 1 May 2007 02:15 EST
Image Spam: Getting the Picture?
Spam. We’ve all seen enough of it. But just as familiarity has bred contempt (and stopped most email users responding to it), spammers have come up with a new technique to snare the unwary and get around corporate security measures.
Published: Thursday, 5 April 2007 04:32 EST
How to safely dispose of old mobile devices
The lifespan of notebook PCs, PDAs and smartphones is falling as the pace of technology marches ever onwards. But for every new mobile device purchased by organisations of all sizes there is usually a piece of legacy hardware that gets sold, passed on to a colleague, friend or relative, or simply thrown away in the office rubbish.
Published: Monday, 26 March 2007 02:38 EST
Overseeing Your Organization’s Security Posture with Active Vulnerability Management
Many IT executives today are tasked with finding a way to understand their organization’s true security posture, as they must prove that “due care” is being taken to secure their networks. The pressure to prove true security levels comes from business partners, company executives, industry regulations, and maintaining company reputation.
Published: Monday, 26 March 2007 02:31 EST
The Dirty Dozen: Killing False Positives
Any IT director trying to battle security threats to their networks day after day will know the feeling. Maintaining a clear view of their true security position is a constant, enervating battle, devouring man-hours and resources.
Published: Friday, 9 March 2007 08:52 EST
What’s Important in Web Application Security Testing
As with many other business analysis issues, there are three sides to the story when looking at Web application security testing: yours, the findings of your vulnerability assessment, and the truth. Whether you’re using a commercial or open source scanner, you’re undoubtedly going to glean a lot of information and come across vulnerabilities.
Published: Thursday, 8 March 2007 11:01 EST
Managing Compliance in a Multi-Regulatory World
CISOs in highly regulated industries such as Banking, Healthcare and Securities are challenged to ensure that their systems and processes are in compliance with multiple security and privacy requirements derived from various frameworks and specifications, each supporting one or more regulations.
Published: Monday, 5 March 2007 11:02 EST
Magnifying the Value of ID Management Technology
During the past couple of years, Network Behavior Analysis (NBA) has made its way into the security mainstream. Many companies have found NBA’s flow-based approach to be more effective, easier to manage and less expensive than traditional, perimeter-based security solutions, such as firewalls, antivirus and intrusion detection/prevention systems (IDS/IPS).
Published: Wednesday, 28 February 2007 15:16 EST
Avoid Wasting Money on Penetration Testing
Penetration Testing is the final word in proving that technical compliance and good security practices are in place - or so it should be. But how do you know if you’re getting a good service or not? What if the consultant performing the test is inexperienced? What is the impact on quality if the consultant is overworked? What if the consultant is an expert ‘hacker’, but terrible at report writing?
Published: Tuesday, 20 February 2007 02:22 EST
Password Malpractice: Are You Guilty?
The explosion of passwords in today’s enterprise has created a sea of holes in the security infrastructure. Some CIOs have responded to the challenge by bringing in the lifeboats, figuratively speaking, but in many cases the password-related security risk remains largely unchecked and even ignored.
Published: Monday, 19 February 2007 14:14 EST