
Back to Basics
The seemingly endless stream of data breach stories still splashed across the headlines makes you wonder just how seriously public authorities are taking government directives on information lifecycle management and security.
Crisis of customer confidence to drive information security
Over the last 12 months, human error, social engineering, and identity theft have eclipsed the focus on IT system vulnerabilities in the information security world.
Can compliance stop the bad guys?
Passing a PCI compliance audit is necessary, but compliance alone does not protect your company from a breach.
Airline check-in is wide open
Online check-in for flights is easy to hack. What should airlines be doing about this?
It's all about the data
Money is oxygen to a business; it is required in order to grow. Without money, it will die. Businesses are run to ensure maximum profit to increase the chances of survival and growth. Information security is often a difficult sell to these profit-focused businesses.
Biometrics industry must challenge government
The UK government is mis-selling biometrics with its identity card scheme, argues Phil Booth of the NO2ID campaign group.
Why forensic analysis needs to give up Nintendo
Forensic analysts need to adopt new methodologies to stay effective, says Harlan Carvey, author of Windows Forensics and Incident Recovery.
Things I would not like to say about security but have to
Marcos Sêmola, a Brazilian infosecurity professional working in the UK, gives his view on dealing with risk, people and vendors.
A state of insecurity
Eleanor Dallaway reflects on visiting Israel, and why its people can be both proud and regretful of their powerful infosecurity industry.
Computer forensics - yesterday, today and tomorrow
The field of computer forensics has come a long way in a few decades, with today's large disk drives worth five billion of the 1980s' 360k disks, writes Jack Wiles, lead editor of Techno Security's Guide to E-Discovery and Digital Forensics.
When pen testers don Marigolds
If you neglect the physical security of documents, you are making life too easy for penetration testers - and criminals, says Ken Munro, managing director of SecureTest.
Secure on paper?
Ensuring documents are destroyed rather than leaked requires a methodical approach, says Brian Gouin, author of Security Design Consulting.
Have respect for info-rights
The UK's Information Commissioner Richard Thomas calls for organisations to protect the personal data they hold, or risk becoming the next bad infosecurity news story.
The Compliance Gamble
Tony Bradley, author of the Syngress title PCI Compliance: Implementing Effective PCI Data Security Standards, says that retailers should do the right thing rather than gamble with their reputations.
The Holy Grail of infosecurity
Jason Holloway, vice-president of marketing for ExaProtect, believes infosecurity has much to learn from Monty Python and the Holy Grail, even if some staff can already recite dozens of quotes from the film.
A built-in weakness
Ken Munro, managing director of UK penetration tester SecureTest, says that building management systems - as used within the UK's major airports - "simply aren't secure enough yet".
Security professionals need to improve people (and business) management skills before IT skills
John Colley, CISSP, Board of Directors and Chairman of the European Advisory Board for (ISC)2, argues that protecting information assets is more about people management than IT management.
Reflections on Microsoft keynote at RSA 2007
Kristin Johnsen, senior director of security outreach, Trustworthy Computing Group at Microsoft, spoke to Brian McKenna following the Bill Gates and Craig Mundie keynote at RSA 2007.
Joe Blow no match for trained ex-intelligence officers
David Drab is a former FBI investigative agent who now works as a principal in Xerox Global Services. He is presenting at RSA 2007 in San Francisco this week on trade secrets. He spoke to Brian McKenna about why trade secrets are the "orphan child of intellectual property protection".
The network intelligence Game — active scanning v. passive asset discovery
It was in the beginning of the 20th century that the founding father of quantum physics, Werner Heisenberg, made a startling claim: you could know either how fast a particle moved or where it was, but you could never know both. Heisenberg's Uncertainty Principle implied that some things will forever remain invisible or unknown, and that to observe something changed it forever.
Radware CEO says networks must be immunized high up the stack
Roy Zisapel, co-founder of Radware, has served as its president and chief executive officer and a director since inception. Brian McKenna spoke to him at the end of 2006 for Infosecurity magazine about how he sees the network security market.
I capture the castle
Mediaeval castle architects, with their concentric, multi-layered approach, can help CIOs protect key applications and business-critical systems.
Six top computer forensics experts testify to their craft
Forensics is one of the top three areas in demand for training by information security professionals, according to the latest (ISC)2 Global Information Security Workforce Study, carried out by IDC. But what do expert digital forensics professionals do? And what do they think about the latest developments in the field? Here we provide a round-up, based on material blogged to a research project carried out by Sarah Hilley at Dublin City University. We have a line-up of six leaders in the field.
Getting the NAC: Cisco's Bob Gleichauf at the London Gartner IT Security Summit
Robert Gleichauf is responsible for the development of secure network infrastructures across Cisco's product line. Most recently, he led the development of Cisco's Network Admission Control (NAC) initiative. He recently spoke at the Gartner IT Security Summit in London, and spoke to Brian McKenna for Infosecurity about the trials of decrypting data in crisis situations, security officers of a new type, and the challenge of vendor interoperability.
Paul Henry — Technical knowledge gap promoting weak enterprise security
Paul Henry, vice president of strategic accounts at Secure Computing, is one of the world's foremost global information security experts, with more than 20 years' experience managing security initiatives for Global 2000 enterprises and government organizations. Here he speaks to Brian McKenna, for Infosecurity, about recent and near-future changes to the threat landscape, and how the security community needs to better shape up.
IBM acquisition changes security game, says ISS's Tom Noonan
IBM's acquisition of Internet Security Systems (ISS) has "changed the rules of the game", in the view of Tom Noonan, the President and CEO of ISS. He recently spoke to Brian McKenna, for Infosecurity, about the significance of the acquisition.
It's political economy, stupid
Bruce Schneier is an American computer security expert, cryptographer, and writer. His books include Applied Cryptography (1996), Secrets and Lies (2000), and Beyond Fear (2003). He publishes a free monthly newsletter, 'Cryptogram', and blogs at http://www.schneier.com/blog/. He is the founder and chief technology officer of Counterpane Internet Security. This autumn he'll be speaking at ISSE 2006 in Rome, on the topic of the economics of security. He recently spoke with Brian McKenna for Infosecurity.
Mobile madness: securing the endpoint
Ken Salchow, F5 Networks
Today's computer networks have no boundaries. Their perimeters started moving a few years ago as road warriors began carrying their laptops to sales or work sites, logging in for customer information, critical construction plans and other necessary resources.
Security technology fundamentally flawed, says ex White House CIO
Former White House CIO Carlos Solari recently joined Lucent Technologies. He took time out on a recent trip to London to talk to Brian McKenna for Infosecurity.
The law starts to bite back
Andy Jones, senior research consultant at the Information Security Forum, argues that IT security professionals ignore increasingly complex international infosec laws at their peril.
Lost Highway
Ken Munro, managing director, Secure Test
Mischief and worse await public and private transport authorities as their kit joins the data highway.
Playing chess around the clock in the war on malcoders
Eugene Kaspersky is the Head of Virus Research at Moscow-based Kaspersky Lab. Today, he is one of the world's leading experts in the information security field. He has written a large number of articles and reviews related to computer virology and speaks regularly at specialized seminars and conferences all over the world. At the recent Infosecurity Europe show in London, Brian McKenna caught up with him for Infosecurity.
A return to traditional methods
Web product vulnerability testing has become too easy. A cookbook approach would be to take one off-the-shelf commercial scanning tool, point it at the application you want to test, hit the Scan button, and finally send the report to anyone who's interested.
Industry matures, show demonstrates
Walking round the London Infosecurity 2006 exhibition, I was astonished. Most of the products and services on sale seemed rational, useful and sensible. It was the first time in many years that I've been at the show and not been on a stand, and perhaps this made the whole experience more enjoyable. Maybe it clouded my judgement, but exhibitors definitely seemed to offer fewer than usual useless items.
Erik Guldentops: father of Cobit
Erik Guldentops has been involved in developing the IT governance framework Cobit (Control Objectives for Information and Related Technology) since its inception. On 16 December last year, Cobit version 4 was released by the IT Governance Institute, where Guldentops chairs the development team. SA Mathieson recently spoke to him about Cobit, the contemporary threat landscape, and EU/US differences.
Secure Computing's CEO on industry to 2010
John McNulty is the CEO of Secure Computing, which recently acquired firewall vendor Cyberguard. As chairman and CEO of Secure Computing, John McNulty has over thirty years' experience in the hi-tech industry. Before joining Secure Computing, he was senior vice president sales, services and business development at Genesys Telecommunications Laboratories. Prior to Genesys, he was with Intel Corporation, where in his last position he was director of marketing and business development for the enterprise server group, which he launched. Brian McKenna recently spoke to Mr McNulty about the vendor's strategy, the rationale for the recent Cyberguard merger, and about the security industry's five years ahead.
Network futures: dumb and fast, or smart and self-defending?
The human immune system is being invoked more and more as a metaphor for how ICT networks should work. Cisco CEO John Chambers regaled RSA 2006 delegates last month with a story of how his company's self-defending network concept is inspired by human biology. Others are more sceptical. Evan Kaplan, CEO of SSL VPN supplier Aventail, spoke about this development to Brian McKenna, for Infosecurity, at RSA in San José.
ISS's CTO on 2006 – botnet armies and security services online
Chris Rouland, Chief Technology Officer, Internet Security Systems, says that for-profit hacking to the mass market saw its real debut in 2005, and that in 2006 bot armies will replace the worm.
Security in the cloud – the first line of defence
Dan Nadir, Vice President of Product Strategy for web security company ScanSafe, says security professionals need to take a closer look at web security.
Diary of a pen tester
David Beesley, director, Network Defence
Foreign hackers, weak passwords, backdoors and buffer overflows — just another day at the office for Network Defence's penetration testers. Here's a look at sample pages from the head tester's diary — and what companies can learn from the results.
Grow up and work together
Robert Gleichauf, Chief Technology Officer, Security Technology Group, Cisco Systems, draws on his background as a synthesizing anthropologist, and exhorts the IT security community to grow up.
Data evacuation - hurricanes revealed the network's weakest link
Ed Walsh, CEO, Avamar
A recent Washington Post report discussed the relief of a New Orleans school manager upon finding that 170 computer backup tapes storing critical financial information were dry and apparently undamaged in spite of flooding. This and similar stories in the wake of this year's hurricane disasters in the United States are a stark reminder of how vulnerable business data can be. It has become clear that most companies' disaster recovery plans are only as good as the last interruption they experienced. It is likely we will see increases in natural and manmade disasters as well as data theft in the coming years, and businesses need to be prepared to preserve and retrieve their mission-critical data.
Enemy identification and deterrence
Criminals like to go where the money is. Increasingly, that means on-line. Here's how to beat them.
Eschelbeck's Laws
Gerhard Eschelbeck, CTO and VP-Engineering, Qualys, has revealed the 2005 iteration of his 'Laws of Vulnerabilities' research. Key highlights include:
• Two out of three, or nearly 70% of systems, are currently vulnerable and in jeopardy of potential exploit or attack.
• 85% of the damage from automated attacks is created within the first fifteen days of the outbreak – speed is of the essence.
Brian McKenna spoke to Gerhard Eschelbeck at CSI 2005 in Washington.
Howard Schmidt — international cyber-security system two years off
Howard Schmidt, former chief security officer at Microsoft and eBay, and former special advisor to the White House on cyber-space security, recently keynoted at ISSE 2005 in Hungary. There, he spoke on the topic of global cyber-security. He is currently president and CEO of R&H Security Consulting. Brian McKenna caught up with him in Budapest for Infosecurity.
Now you read the data, now you don't
In general, data sharing can powerfully enhance the arsenal for fighting world terrorism, recognising and eliminating fraud, reducing errors, increasing the effectiveness and economy of government programmes, and revealing business opportunities. But inherent in traditional data sharing is a concern about the security of the data being exchanged.
IPSec bake off in San José
In an effort to avoid the teething pains experienced with the first go-around of IPsec VPN products, ICSA Labs is hosting multiple IPsec VPN Interoperability Workshops where vendors can bring their IKEv2-based beta products off their R&D benches and test them against peers.
Zero day is now
Zero day vulnerabilities provide a back-door into any operating system or application and represent a serious threat to your organization. Zero days are reality today. Ten serious zero day Windows vulnerabilities were made public in late 2004 alone — and extensively exploited by malicious hackers. eEye's Ben Nagy argues for a proactive approach.
Dorothy Denning on infosec and physical security
Dorothy Denning is one of the world's leading information security experts. Earlier this year (ISC)² gave her the 2004 Harold F. Tipton Award in recognition of her outstanding information security career. Brian McKenna spoke to Dr Denning at the time of the award.
Howard Schmidt — bridging cyber-security gaps
Howard Schmidt, VP and chief information officer for eBay, recently spoke to Brian McKenna about professional certification, what civilian IT security managers can learn from law enforcement and the military, and 9/11. He urges IT security professionals not to be hide-bound, and to mind the gaps in their knowledge.
Security architect – Marius Nacht
Check Point Software was a firewall pioneer in the early 1990s. Co-founder and senior vice president Marius Nacht recently spoke to Brian McKenna about the company's origins, philosophy, and roadmap.
DDoS: don't get stuck in denial
Paul King, Chief Security Architect, Cisco Systems
While moving business processes online brings many advantages to companies, such as widening customer reach and reducing overheads, the emergence of organised crime in the online world means that business needs to be sharper than ever when it comes to security.
The four ages of malware
Roger Thompson, Computer Associates
As malicious code has evolved, one can see four distinct ages. They show a narrowing gap between the announcement of a vulnerability and an attack that exploits it, and a shift from a pure technology-based attack to those that exploit a sophisticated understanding of social behaviour to trigger the attack.
Through the Barricades: The demise of traditional perimeter defences
Phil Worms, Director, Marketing, NetIntelligence
There is a classic moment during the battle for Helm's Deep in the epic film The Lord of the Rings: The Two Towers, when King Theoden stands atop the supposedly impregnable city. Rain-sodden, he surveys the massed ranks of Saruman's armies and defiantly shouts 'Is this all you've got?' A few fateful minutes, and a well-placed explosive, later his confidence is shattered and replaced with fear as he realises that his fortress has been penetrated.