http://www.infosecurity-magazine.com/ Copyright Elsevier Ltd Intuitiv Ltd (www.intuitiv.net) Sat, 11 Feb 2012 19:08:13 GMT http://www.infosecurity-magazine.com/ http://www.infosecurity-magazine.com/_common/img/template/infosec-uk/site-logo.gif http://www.infosecurity-magazine.com/view/23802/comment-piracy-the-real-winner-in-war-against-sopa/ Not all provisions written in the original draft of SOPA were as bad as hype suggested; claims of it fueling Internet censorship are grossly exaggerated if you read its core provisions. Piracy is a multi-billion dollar problem that needs federal intervention, says GuardTime’s Mike Gault Thu, 09 Feb 2012 15:56:00 GMT http://www.infosecurity-magazine.com/view/23802/comment-piracy-the-real-winner-in-war-against-sopa/ http://www.infosecurity-magazine.com/view/23772/the-approaching-mobility-maelstrom/ Last year Drew Amorosi polled the Infosecurity editorial board on their predictions for 2011. This year he decided to broaden the sample and find out what the rest of the industry are talking about. What he received was an overdose of mobile security warnings Wed, 08 Feb 2012 16:20:00 GMT http://www.infosecurity-magazine.com/view/23772/the-approaching-mobility-maelstrom/ http://www.infosecurity-magazine.com/view/23614/comment-make-pci-dss-part-of-your-security-strategy/ Jeremy King, European director of the PCI Security Standards Council, describes how recent figures from the UK Cards Association showed PCI has been successful in decreasing the volume of card and bank account fraud Wed, 01 Feb 2012 15:17:00 GMT http://www.infosecurity-magazine.com/view/23614/comment-make-pci-dss-part-of-your-security-strategy/ http://www.infosecurity-magazine.com/view/23554/a-superior-infosec-education-/ As the information security industry becomes more coveted, Wendy M. Grossman takes a look at the university courses available to aspiring and competing infosec professionals on both sides of the Atlantic Tue, 31 Jan 2012 09:00:00 GMT http://www.infosecurity-magazine.com/view/23554/a-superior-infosec-education-/ http://www.infosecurity-magazine.com/view/23493/comment-apt-tops-security-risks-to-corporate-ip-in-2012/ Verdasys’ Bill Ledingham shares his insights on advanced persistent threats (APT) and offers steps companies can take to increase their cybersecurity Thu, 26 Jan 2012 16:00:00 GMT http://www.infosecurity-magazine.com/view/23493/comment-apt-tops-security-risks-to-corporate-ip-in-2012/ http://www.infosecurity-magazine.com/view/23473/can-security-and-privacy-coexist/ Should you have to give up privacy to get more security, or does one actually support the other? Danny Bradbury sounds out the experts Wed, 25 Jan 2012 15:26:00 GMT http://www.infosecurity-magazine.com/view/23473/can-security-and-privacy-coexist/ http://www.infosecurity-magazine.com/view/23341/comment-information-assurance-as-a-flexible-security-solution/ Chris Mayers of Citrix UK outlines how the public sector can meet confidentiality, integrity and availability requirements in the face of ongoing regulatory and technological change Thu, 19 Jan 2012 14:50:00 GMT http://www.infosecurity-magazine.com/view/23341/comment-information-assurance-as-a-flexible-security-solution/ http://www.infosecurity-magazine.com/view/23314/the-good-the-bad-and-the-ugly-insider-threats/ Whether intentional or unintentional, insider threats take many forms. The (ISC)² US Government Advisory Board Executive Writers Bureau examines this dichotomy and how it is being affected by both regulatory considerations, and the rapidly changing technology landscape Wed, 18 Jan 2012 16:12:00 GMT http://www.infosecurity-magazine.com/view/23314/the-good-the-bad-and-the-ugly-insider-threats/ http://www.infosecurity-magazine.com/view/23215/comment-information-management-policies-must-address-risk-of-human-error/ Christian Toon, head of Information Security at Iron Mountain Europe, considers the growing number of avoidable data breaches that involve paper documents and advises businesses how to minimize these risks by getting to grips with information handling, management, storage and secure destruction. Fri, 13 Jan 2012 16:31:00 GMT http://www.infosecurity-magazine.com/view/23215/comment-information-management-policies-must-address-risk-of-human-error/ http://www.infosecurity-magazine.com/view/23189/infosecurity-do-you-eat-your-own-dog-food/ How many traffic policemen never exceed the speed limit when off duty? How many vicars don’t swear? And how many IT security professionals practice what they preach? No, seriously, do you eat your own dog food? That’s the question Davey Winder has been asking of infosec professionals in an attempt to determine just how secure security experts really are away from the office Thu, 12 Jan 2012 14:43:00 GMT http://www.infosecurity-magazine.com/view/23189/infosecurity-do-you-eat-your-own-dog-food/ http://www.infosecurity-magazine.com/view/22802/comment-its-time-for-smartphone-security/ As the mobile market grows, so does mobile malware. Don DeBolt, director of threat research at internet security company Total Defense, discusses how IT practitioners and company employees can best stay safe by protecting themselves from mobile hacks, privacy concerns and more in a day and age when mobile malware is on the rise Tue, 20 Dec 2011 15:47:00 GMT http://www.infosecurity-magazine.com/view/22802/comment-its-time-for-smartphone-security/ http://www.infosecurity-magazine.com/view/22785/compliance-strategies-aka-alphabet-soup/ Does your organization follow a recipe, or simply ‘eye-up’ the ingredients to your compliance tick boxes? Fred Donovan taste-tests what is often viewed as the unsavory side of the information security profession Mon, 19 Dec 2011 14:39:00 GMT http://www.infosecurity-magazine.com/view/22785/compliance-strategies-aka-alphabet-soup/ http://www.infosecurity-magazine.com/view/22745/comment-data-governance-must-evolve-to-meet-growing-insider-threat/ Insider-driven data leaks are in the news every day, and unstructured data provides the biggest challenge for IT to secure and manage. Brian Vecci of Varonis Systems highlights key steps that organizations can take to measure and improve their data governance, and reduce data loss from insiders Fri, 16 Dec 2011 15:31:00 GMT http://www.infosecurity-magazine.com/view/22745/comment-data-governance-must-evolve-to-meet-growing-insider-threat/ http://www.infosecurity-magazine.com/view/22713/paging-doctor-compliance-/ With changes to the US healthcare system already underway – albeit at a snail’s pace – now is the perfect time to examine how the regulatory and compliance landscape may change with it. Esther Shein surveys the sector and seeks the proper prescription Thu, 15 Dec 2011 14:29:00 GMT http://www.infosecurity-magazine.com/view/22713/paging-doctor-compliance-/ http://www.infosecurity-magazine.com/view/22601/comment-get-your-moneys-worth-from-pci-pen-testing/ Orthus’ chief executive, Richard Hollis, says the responsibility for a comprehensive PCI pen test rests with the client – and it’s demands. Otherwise, your pen test could end up being worthless… Mon, 12 Dec 2011 18:29:00 GMT http://www.infosecurity-magazine.com/view/22601/comment-get-your-moneys-worth-from-pci-pen-testing/ http://www.infosecurity-magazine.com/view/22481/year-of-the-hack-/ Commonly referred to as the year of the hack, it is no secret what 2011 has become famous for in the information security industry. This year’s headlines, reports Fred Donovan, have been made up of data breaches, hacks, APT attacks and mergers and acquisitions Wed, 07 Dec 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/22481/year-of-the-hack-/ http://www.infosecurity-magazine.com/view/22473/comment-twofactor-authentication-world-of-the-token-necklace/ SecurEnvoy’s Andy Kemshall looks at the rise of two-factor authentication and why SMS-based technology is the key to strengthening vulnerable virtual applications and access points Tue, 06 Dec 2011 17:20:00 GMT http://www.infosecurity-magazine.com/view/22473/comment-twofactor-authentication-world-of-the-token-necklace/ http://www.infosecurity-magazine.com/view/22438/state-of-denial-the-chinese-cyber-threat/ Hackers exist almost anywhere there is an internet connection, yet the Chinese government continues to downplay their existence at home. Drew Amorosi takes a journey of enlightenment and seeks the truth Mon, 05 Dec 2011 15:49:00 GMT http://www.infosecurity-magazine.com/view/22438/state-of-denial-the-chinese-cyber-threat/ http://www.infosecurity-magazine.com/view/22361/comment-the-hard-cost-of-misunderstanding-least-privilege/ John Mutch and Brian Anderson unravel the common misunderstandings about privileged access that prevent organizations from better protecting their network perimeter from the risk of insider threat and negligence Wed, 30 Nov 2011 15:00:00 GMT http://www.infosecurity-magazine.com/view/22361/comment-the-hard-cost-of-misunderstanding-least-privilege/ http://www.infosecurity-magazine.com/view/22333/interview-hord-tipton-of-isc/ Within only a minute of sitting down with Hord Tipton, executive director of (ISC)², our own Eleanor Dallaway knew that the hour she had booked with him would not be adequate. You see, it’s impossible to capture the true essence of a man with a career that many can only dream of in 60 minutes. While they may have been short for time, Tipton certainly wasn’t short on stories Tue, 29 Nov 2011 15:50:00 GMT http://www.infosecurity-magazine.com/view/22333/interview-hord-tipton-of-isc/ http://www.infosecurity-magazine.com/view/22167/comment-where-the-ciso-should-sit-/ The CISO position is making a comeback, but if not strategically positioned in an organization, it can become a powerless figurehead – competing for mindshare and budget with other “functional” operations. Ed Adams of Security Innovation points out why a CISO can be far more effective if reporting to the CEO (or highest ranking risk officer) instead of the CIO Tue, 22 Nov 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/22167/comment-where-the-ciso-should-sit-/ http://www.infosecurity-magazine.com/view/22156/persistent-and-evasive-attacks-uncovered-/ APTs – and more recently AETs – have divided industry experts in opinion and often been used to scaremonger. Davey Winder reveals the truth behind the APT and AET headlines Mon, 21 Nov 2011 14:14:00 GMT http://www.infosecurity-magazine.com/view/22156/persistent-and-evasive-attacks-uncovered-/ http://www.infosecurity-magazine.com/view/21980/comment-breaching-its-way-through-congress-the-safe-data-act-/ Richard Moulds of Thales discusses the merits of the SAFE Data Act as it makes its way through the US Congress Thu, 17 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21980/comment-breaching-its-way-through-congress-the-safe-data-act-/ http://www.infosecurity-magazine.com/view/21979/breaking-the-online-bank/ As technology and online behaviors change, so too do methods to compromise a person’s – or organization’s – most vital assets: their financial details. Ted Kritsonis examines how cyber thieves are adapting, and what the banks are doing to stop them Wed, 16 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21979/breaking-the-online-bank/ http://www.infosecurity-magazine.com/view/21978/comment-myths-plague-perceptions-of-mobile-malware/ Trusteer’s Amit Klein takes a closer look at mobile malware, exploding the myths and dispelling the fantasies Tue, 15 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21978/comment-myths-plague-perceptions-of-mobile-malware/ http://www.infosecurity-magazine.com/view/21977/security-education-a-lesson-learned/ Despite users being the most integral part of information security, only one to two percent of security budgets are being spent on awareness and education. Stephen Pritchard reports Mon, 14 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21977/security-education-a-lesson-learned/ http://www.infosecurity-magazine.com/view/21905/comment-new-eu-eprivacy-legislation-why-you-should-act-now-/ George Thompson of KPMG IT Advisory explains why companies should act now in response to new e-privacy legislation, and the organizational and technical steps to consider Thu, 10 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21905/comment-new-eu-eprivacy-legislation-why-you-should-act-now-/ http://www.infosecurity-magazine.com/view/21850/obstacles-facing-the-us-cybersecurity-initiatives-/ Although the US government is paying more attention than ever to the issue of cybersecurity, the recent battles in Washington over budgets and austerity measures mean that funding could potentially dry up in an instant. Fred Donovan surveys the experts to get their take on where the nation’s cybersecurity program is heading Wed, 09 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21850/obstacles-facing-the-us-cybersecurity-initiatives-/ http://www.infosecurity-magazine.com/view/21873/comment-avoid-friend-or-foe-syndrome-with-your-it-auditor/ In a perfect world, the confidence and communication that exist between an organization and its IT security auditor might resemble the doctor–patient relationship. But when Philip Lieberman examines this critical aspect of IT security, he finds an increasingly troubled history – and makes some suggestions about how both sides can gain more from the partnership. Tue, 08 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21873/comment-avoid-friend-or-foe-syndrome-with-your-it-auditor/ http://www.infosecurity-magazine.com/view/21849/crossing-borders-the-right-side-of-wrong-/ Most nations consider travel data to be crucial to protecting national security. How that data is collected, stored, and secured however seems to be a closely guarded secret. Wendy M. Grossman investigates Mon, 07 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21849/crossing-borders-the-right-side-of-wrong-/ http://www.infosecurity-magazine.com/view/21748/comment-companies-lose-encryption-keys-and-security-in-the-amazon-cloud/ Jeff Hudson of Venafi discusses the importance of proper education and best practices for protecting SSL and SSH keys that secure the cloud Tue, 01 Nov 2011 16:45:00 GMT http://www.infosecurity-magazine.com/view/21748/comment-companies-lose-encryption-keys-and-security-in-the-amazon-cloud/ http://www.infosecurity-magazine.com/view/21708/the-spy-who-hacked-me/ James Bond was more of a jock than a nerd, and he probably wouldn’t have known how to use a computer, says Danny Bradbury. How things have changed… Mon, 31 Oct 2011 14:18:00 GMT http://www.infosecurity-magazine.com/view/21708/the-spy-who-hacked-me/ http://www.infosecurity-magazine.com/view/21643/comment-encryption-vendors-may-be-the-weakest-link/ Infosec analyst Matthew Pascucci examines the security incidents that have plagued encryption and authentication vendors this past year and calls on them to beef up their own in-house security, or face the possibility of sanctions Thu, 27 Oct 2011 15:30:00 GMT http://www.infosecurity-magazine.com/view/21643/comment-encryption-vendors-may-be-the-weakest-link/ http://www.infosecurity-magazine.com/view/21600/interview-unisys-patricia-titus-/ The road from Minnesota to Washington has many stops, especially when you take the scenic route. Drew Amorosi recently met Patricia Titus of Unisys to regale in her remarkable journey Wed, 26 Oct 2011 13:00:00 GMT http://www.infosecurity-magazine.com/view/21600/interview-unisys-patricia-titus-/ http://www.infosecurity-magazine.com/view/21530/comment-security-has-become-a-black-and-white-issue/ As cyber-attacks become increasingly sophisticated, Bimal Parmar of Faronics argues that organizations can no longer rely solely on traditional blacklist technologies, but must adopt a layered approach to endpoint security Tue, 25 Oct 2011 13:00:00 GMT http://www.infosecurity-magazine.com/view/21530/comment-security-has-become-a-black-and-white-issue/ http://www.infosecurity-magazine.com/view/21529/what-is-critical-to-your-infrastructure-/ Critical infrastructure means many things to many people. Adrian Davis, principal research analyst with the Information Security Forum (ISF), explains why determining which infrastructure elements are critical to a business is the first step in keeping them safe Mon, 24 Oct 2011 13:00:00 GMT http://www.infosecurity-magazine.com/view/21529/what-is-critical-to-your-infrastructure-/ http://www.infosecurity-magazine.com/view/21500/comment-password-reuse-equals-misuse/ A recent survey by Swivel Secure shows that 55% of people use the same password, or variations of one, to access all their online activities. Chris Russell examines the corporate risks of password reuse and emphasizes the need for multifactor authentication for accessing business critical data Thu, 20 Oct 2011 16:52:00 GMT http://www.infosecurity-magazine.com/view/21500/comment-password-reuse-equals-misuse/ http://www.infosecurity-magazine.com/view/21462/you-dirty-shady-rat/ The latest APT to come to light is what McAfee has dubbed ‘Shady RAT’. But the folks at Kaspersky have voiced some objections. Drew Amorosi examines the threat…and the controversy Wed, 19 Oct 2011 15:17:00 GMT http://www.infosecurity-magazine.com/view/21462/you-dirty-shady-rat/ http://www.infosecurity-magazine.com/view/21317/comment-cybergang-crackdown-cripples-malware-trafficfor-now/ This past summer’s FBI-coordinated crackdown on computer scareware companies virtually shut the fake security software business down, but without the implementation of tough, diverse preventative solutions, Enigma Software's Alvin Estevez says it might remain akin to nothing more than cutting off the head of a hydra Wed, 12 Oct 2011 17:20:00 GMT http://www.infosecurity-magazine.com/view/21317/comment-cybergang-crackdown-cripples-malware-trafficfor-now/ http://www.infosecurity-magazine.com/view/21232/the-state-of-smartphone-security-/ An awful lot of lip service has been paid to smartphone security. Whereas most industry experts agree that, to date at least, smartphone security threats are mainly hype, that doesn’t mean this won’t change. Davey Winder investigates… Tue, 11 Oct 2011 13:00:00 GMT http://www.infosecurity-magazine.com/view/21232/the-state-of-smartphone-security-/ http://www.infosecurity-magazine.com/view/21231/comment-implement-comprehensive-mobile-security-today-/ Mobility and consumerization mean that the landscape of the corporate IT estate is changing in ways that are making new demands of security professionals. Dave Everitt of Absolute Software explains why a multi-tiered security strategy is essential to overcome increased threats Mon, 10 Oct 2011 12:45:00 GMT http://www.infosecurity-magazine.com/view/21231/comment-implement-comprehensive-mobile-security-today-/ http://www.infosecurity-magazine.com/view/21167/security-vendors-trendsetters-or-trend-followers/ How far ahead of the curve – or behind it – are vendors when it comes to identifying security trends? Danny Bradbury finds out that the curve may not matter at all Thu, 06 Oct 2011 12:45:00 GMT http://www.infosecurity-magazine.com/view/21167/security-vendors-trendsetters-or-trend-followers/ http://www.infosecurity-magazine.com/view/21177/phone-hacking-scandal-whos-getting-the-message/ In the wake of the tabloid cellphone hacking scandal, have operators really closed all the loopholes that let snoopers intercept our communications? Jim Mortleman investigates Thu, 06 Oct 2011 10:44:00 GMT http://www.infosecurity-magazine.com/view/21177/phone-hacking-scandal-whos-getting-the-message/ http://www.infosecurity-magazine.com/view/21162/comment-its-time-to-take-apts-seriously/ Ross Brewer of LogRhythm explores the danger posed by advanced persistent threats, the rash of high-profile data breaches that have been making headlines this year, and the steps organizations should be taking to protect IT assets Wed, 05 Oct 2011 18:00:00 GMT http://www.infosecurity-magazine.com/view/21162/comment-its-time-to-take-apts-seriously/ http://www.infosecurity-magazine.com/view/21099/please-feed-the-bear-the-growing-russian-infosec-market/ The Russian information security market is thriving, fueled by a rise in cybercrime. Some foreign security firms, however, have found it difficult to break into the market. Fred Donovan explains why Tue, 04 Oct 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/21099/please-feed-the-bear-the-growing-russian-infosec-market/ http://www.infosecurity-magazine.com/view/21070/comment-network-forensics-beyond-activity-monitoring/ Network activity monitoring can alert a company to a security breach or an attack, but Jay Botelho of WildPackets points out that a network forensics solution can take network monitoring a step further and use this information to prevent future attacks Mon, 03 Oct 2011 13:00:00 GMT http://www.infosecurity-magazine.com/view/21070/comment-network-forensics-beyond-activity-monitoring/ http://www.infosecurity-magazine.com/view/21016/cashing-in-on-security-training/ At long last, a cybersecurity career field has emerged. The (ISC)² US Government Advisory Board Executive Writers Bureau examines where employment opportunities lie and how much you can expect to be paid in this very important sector Thu, 29 Sep 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/21016/cashing-in-on-security-training/ http://www.infosecurity-magazine.com/view/20990/comment-tackling-data-protection-concerns-on-public-cloud-services-/ To ensure highest security and compliance standards are met in the cloud, organizations need to adopt a data-centric approach that focuses on protecting data throughout its lifecycle, argues Mike Smart of SafeNet. Wed, 28 Sep 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/20990/comment-tackling-data-protection-concerns-on-public-cloud-services-/ http://www.infosecurity-magazine.com/view/20836/antivirus-is-there-life-in-the-old-dog-/ Once upon a time, anti-virus technology was a well-coveted standalone product. These days, it is often considered a commodity that can be adequately built into a UTM offering. Cath Everett investigates whether or not a market for standalone anti-virus technology still exists Tue, 20 Sep 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/20836/antivirus-is-there-life-in-the-old-dog-/ http://www.infosecurity-magazine.com/view/20759/comment-privacy-trust-and-identity-in-the-cloud/ The cloud provides many services that are used by individuals to network, and to buy services. ISACA’s Mike Small explores how this has created new challenges relating to identity, privacy and trust Thu, 15 Sep 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/20759/comment-privacy-trust-and-identity-in-the-cloud/ http://www.infosecurity-magazine.com/view/20723/the-truth-about-dlp/ Data loss prevention: the term that fills marketing managers with joy, and infosec managers with dread. Preventing a data leak may be the top priority for the IT security team, but is DLP technology mature, and cost effective enough, to be the answer? Stephen Pritchard reports Tue, 13 Sep 2011 15:55:00 GMT http://www.infosecurity-magazine.com/view/20723/the-truth-about-dlp/ http://www.infosecurity-magazine.com/view/20602/comment-power-to-the-people-to-secure-consumerized-devices/ How should you deliver security to the personal devices your users want to use for work? Simple – give the users some responsibility. Terry Greer-King of Check Point explains Thu, 08 Sep 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/20602/comment-power-to-the-people-to-secure-consumerized-devices/ http://www.infosecurity-magazine.com/view/20603/comment-we-all-need-to-keep-closer-tabs-on-financial-data/ Mohan Koo, managing director of Dtex Systems, explains how recent data breaches show that organizations are focusing on external security while neglecting insider threats Thu, 08 Sep 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/20603/comment-we-all-need-to-keep-closer-tabs-on-financial-data/ http://www.infosecurity-magazine.com/view/20497/interview-atts-edward-amoroso/ AT&T’s Ed Amoroso writes books, lectures, is a college professor, and plays the guitar – all in his spare time. Drew Amorosi recently spoke with the telecom’s chief security officer to find out what he does for a daytime encore Wed, 07 Sep 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/20497/interview-atts-edward-amoroso/ http://www.infosecurity-magazine.com/view/20496/biometrics-how-and-now/ Using biometric data for identity access and management can be a controversial move. Esther Shein examines the drawbacks, and looks at where and how biometrics are currently being used Tue, 06 Sep 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/20496/biometrics-how-and-now/ http://www.infosecurity-magazine.com/view/20484/comment-intelligent-network-forensics-peeling-back-the-onion/ Dealing with a true ‘targeted’ attack or ‘advanced persistent threat’ (APT) is a process, not an event, and it includes a discovery phase, an investigation phase, and a remediation phase. The objective is being able to see, study, and stop the threats that are flowing over networks, says Kurt Bertone of Fidelis Security Systems Thu, 01 Sep 2011 17:49:00 GMT http://www.infosecurity-magazine.com/view/20484/comment-intelligent-network-forensics-peeling-back-the-onion/ http://www.infosecurity-magazine.com/view/20474/comment-the-ssl-offload-dilemma/ Nathan Pearce of F5 Networks discusses why more organizations are reviewing their security in the wake of recent breaches, how raised security arrangements will inevitably put strain on servers, and the need to take action. Thu, 01 Sep 2011 14:59:00 GMT http://www.infosecurity-magazine.com/view/20474/comment-the-ssl-offload-dilemma/ http://www.infosecurity-magazine.com/view/20413/a-rotting-security-apple/ Vendors, analysts, and commentators alike have long predicted a surge in malware affecting Apple’s products. Yet, until recently, these prognostications have failed to materialize. Drew Amorosi examines recent malware threats to Apple’s OS X operating system to find out if this is an anomaly, or a sign of things to come Wed, 31 Aug 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/20413/a-rotting-security-apple/ http://www.infosecurity-magazine.com/view/20348/interview-barclaycards-neira-jones/ It has taken Neira Jones only three years to earn herself a reputation in the information security industry to be proud of. Eleanor Dallaway met the Barclaycard security expert to find out how she did it… Fri, 26 Aug 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/20348/interview-barclaycards-neira-jones/ http://www.infosecurity-magazine.com/view/20337/comment-eu-data-breach-notification-law-is-a-start-but-not-enough/ In the wake of the announcement that companies in the EU will have to disclose data breaches, Thales’ Steve Brunswick suggests the imposition of fines would improve information security standards Thu, 25 Aug 2011 15:00:00 GMT http://www.infosecurity-magazine.com/view/20337/comment-eu-data-breach-notification-law-is-a-start-but-not-enough/ http://www.infosecurity-magazine.com/view/20083/does-it-matter-if-its-black-or-whitelisting-/ While many experts agree that whitelisting provides superior security to that of its antonym, blacklisting, there are concerns over its practicality and usability. Kevin Townsend puts the technologies head to head Thu, 18 Aug 2011 15:47:00 GMT http://www.infosecurity-magazine.com/view/20083/does-it-matter-if-its-black-or-whitelisting-/ http://www.infosecurity-magazine.com/view/20080/comment-phone-hacking-scandal-spyware-and-trust-/ Gareth Maclachlan, founder and COO of AdaptiveMobile, discusses the issue of mobile malware and explores why mobile operators need to enhance their security practices to ensure subscribers are protected from the increasingly sophisticated range of mobile threats Wed, 17 Aug 2011 12:45:00 GMT http://www.infosecurity-magazine.com/view/20080/comment-phone-hacking-scandal-spyware-and-trust-/ http://www.infosecurity-magazine.com/view/20079/all-eyes-on-csi-cyberspace/ In an ever-changing world, the way crimes are committed, and subsequently investigated, must also change. Lauren Moraski takes us inside the world of modern-day cybercrime forensic investigation Tue, 16 Aug 2011 12:45:00 GMT http://www.infosecurity-magazine.com/view/20079/all-eyes-on-csi-cyberspace/ http://www.infosecurity-magazine.com/view/20076/rsa-life-after-breach-/ With the RSA security breach still fresh in the minds of information security practitioners across the world, you’d be forgiven for assuming that the heyday for token-based ID is long gone. Stephen Pritchard investigates the advantages and disadvantages of token-based ID and finds out why, for now at least, it’s here to stay Fri, 12 Aug 2011 16:42:00 GMT http://www.infosecurity-magazine.com/view/20076/rsa-life-after-breach-/ http://www.infosecurity-magazine.com/view/20047/comment-physical-security-in-a-digital-world/ While most managed services providers can provide excellent levels of digital security, servers still exist in the real world and this is often where they are at their most vulnerable. Simon Neal, COO at The Bunker, outlines why some measures and human processes should be implemented to guard against physical threats Thu, 11 Aug 2011 17:00:00 GMT http://www.infosecurity-magazine.com/view/20047/comment-physical-security-in-a-digital-world/ http://www.infosecurity-magazine.com/view/20013/a-day-in-the-life-of-a-ciso/ CISOs rarely have a typical day, but they all face similar challenges. Danny Bradbury explores some of them Wed, 10 Aug 2011 18:46:00 GMT http://www.infosecurity-magazine.com/view/20013/a-day-in-the-life-of-a-ciso/ http://www.infosecurity-magazine.com/view/19864/seven-crucial-infosec-career-steps/ The (ISC)² US Government Advisory Board Executive Writers Bureau shares its wisdom and experiences from the perspective of career-IT and IT security professionals by focusing on the keys to a successful career. Read on for advice on how younger professionals can get the best out of this rewarding profession Thu, 04 Aug 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/19864/seven-crucial-infosec-career-steps/ http://www.infosecurity-magazine.com/view/19802/comment-dont-forget-your-password-security/ Idan Shoham of Hitachi ID Systems explores today’s authentication methods and why password security is still relevant in today’s environment Mon, 01 Aug 2011 20:00:00 GMT http://www.infosecurity-magazine.com/view/19802/comment-dont-forget-your-password-security/ http://www.infosecurity-magazine.com/view/19790/comment-securing-mobile-commerce-from-start-to-finish/ With the rise of mobile commerce comes increased responsibility for retailers to ensure they have the necessary systems in place to protect customer data, writes Verizon Business’ David Tran. Mon, 01 Aug 2011 15:29:00 GMT http://www.infosecurity-magazine.com/view/19790/comment-securing-mobile-commerce-from-start-to-finish/ http://www.infosecurity-magazine.com/view/19763/interview-check-points-gil-shwed/ For a man whose company turned over one billion dollars last year, Gil Shwed is remarkably quiet and unassuming. At the Check Point Experience in Barcelona, Eleanor Dallaway spent an hour with Mr Shwed – one of the industry’s most successful entrepreneurs – and this is what she learned... Fri, 29 Jul 2011 16:39:00 GMT http://www.infosecurity-magazine.com/view/19763/interview-check-points-gil-shwed/ http://www.infosecurity-magazine.com/view/19701/comment-hipaa-vs-the-cloud/ Cloud computing provides a cost effective service option for the IT needs of healthcare organizations; however, loss of assured end-to-end control of data can create HIPPA compliance issues. Chris Witt, CEO of WAKE Technology Services, serves up his perspective on the tradeoffs Wed, 27 Jul 2011 16:14:00 GMT http://www.infosecurity-magazine.com/view/19701/comment-hipaa-vs-the-cloud/ http://www.infosecurity-magazine.com/view/19677/comment-mastering-mobile-security/ Paul Lothian, principal adviser at KPMG, believes increasingly functional mobile devices are now firmly in the sights of cybercriminals. Wed, 27 Jul 2011 08:30:00 GMT http://www.infosecurity-magazine.com/view/19677/comment-mastering-mobile-security/ http://www.infosecurity-magazine.com/view/19632/the-ciso-pilgrimage-/ In much the same way that the role of a CISO has evolved, so has the journey to get there. Wendy M. Grossman looks at what steps an aspiring CISO must take to get themselves from school to the board room Fri, 22 Jul 2011 17:00:00 GMT http://www.infosecurity-magazine.com/view/19632/the-ciso-pilgrimage-/ http://www.infosecurity-magazine.com/view/19587/comment-public-vs-private-things-that-really-matter-in-the-cloud/ Aydin Kurt-Elli, COO at Lumison, reflects on the Amazon EC2 outage, exploring what a private cloud infrastructure can offer organizations amid public cloud fears. Thu, 21 Jul 2011 15:37:00 GMT http://www.infosecurity-magazine.com/view/19587/comment-public-vs-private-things-that-really-matter-in-the-cloud/ http://www.infosecurity-magazine.com/view/19302/interview-bts-bruce-schneier/ BT’s Bruce Schneier has made a reputation for himself by exploring the unconventional sides of security. Drew Amorosi sat down with this industry luminary to gain a greater understanding of the man and, briefly, dive into the mind and life that is Bruce Schneier… Mon, 11 Jul 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/19302/interview-bts-bruce-schneier/ http://www.infosecurity-magazine.com/view/19254/comment-accidental-data-deletion-still-considered-spoliation/ Bill Tolson of Autonomy examines the perils of eDiscovery requirements and what organizations should do to prepare for all-but-inevitable lawsuits Thu, 07 Jul 2011 19:00:00 GMT http://www.infosecurity-magazine.com/view/19254/comment-accidental-data-deletion-still-considered-spoliation/ http://www.infosecurity-magazine.com/view/19252/comment-passwords-are-no-longer-enough/ Strong authentication is key to adequately protecting critical data in a mobile age. Stephen Howes, CTO of GrIDsure, looks at the options Thu, 07 Jul 2011 17:29:00 GMT http://www.infosecurity-magazine.com/view/19252/comment-passwords-are-no-longer-enough/ http://www.infosecurity-magazine.com/view/19084/data-breach-spring/ Infosecurity’s Drew Amorosi examines three data breach incidents from the past few months that, by their nature, keep security vendors in business, regulators busy, and CISOs up at night. Find out why industry observers think this rash of massive breaches could lead to a ‘PCI for consumer privacy’ Thu, 30 Jun 2011 16:58:00 GMT http://www.infosecurity-magazine.com/view/19084/data-breach-spring/ http://www.infosecurity-magazine.com/view/18998/comment-rsa-securid-breach-where-do-we-go-from-here/ Philip Lieberman, CEO and president of Lieberman Software, gives us his opinion on the origins of the recent RSA Security data breach, laying much of the blame on lack of investment and lax management. He outlines some of the lessons we should learn from this disaster and a way forward for the wary. Tue, 28 Jun 2011 19:49:00 GMT http://www.infosecurity-magazine.com/view/18998/comment-rsa-securid-breach-where-do-we-go-from-here/ http://www.infosecurity-magazine.com/view/18995/comment-financial-institutions-must-plug-insider-leaks/ With whistleblowing website WikiLeaks stepping up its attack on governments and corporates, financial institutions are increasingly facing the threat of insider collusion with outsiders. Simon Romp, principal consultant at Rule Financial, explains how banks can strengthen their walls and minimise the risk of sensitive data being leaked from the inside. Tue, 28 Jun 2011 17:19:00 GMT http://www.infosecurity-magazine.com/view/18995/comment-financial-institutions-must-plug-insider-leaks/ http://www.infosecurity-magazine.com/view/18849/researching-the-security-researchers/ The security industry doesn’t have it easy. For every virus it detects and prevents, several new ones are being designed for maximum impact and damage. Information security researchers are up against a deluge of malware writers. Wendy M. Grossman reports on how they keep up Wed, 22 Jun 2011 15:30:00 GMT http://www.infosecurity-magazine.com/view/18849/researching-the-security-researchers/ http://www.infosecurity-magazine.com/view/18822/comment-breaches-underscore-need-for-device-id/ The recent compromise of RSA’s SecurID tokens and the subsequent breach of Lockheed Martin’s network doesn’t signify a complete failure, argues Wave Systems’ Steven K. Sprague, but rather an incomplete defense. Wed, 22 Jun 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/18822/comment-breaches-underscore-need-for-device-id/ http://www.infosecurity-magazine.com/view/18818/comment-key-management-strategies-in-the-cloud/ Jon Geater, director of technical strategy at Thales e-Security, discusses the need for an information-centric approach to key management in the cloud and a range of strategies that could be deployed. Tue, 21 Jun 2011 16:00:00 GMT http://www.infosecurity-magazine.com/view/18818/comment-key-management-strategies-in-the-cloud/ http://www.infosecurity-magazine.com/view/18748/the-infosec-market-in-china-proceed-with-caution/ Set to become the second largest economy in the world, China has the money and the people to make information security companies very profitable indeed. Kevin Townsend investigates the Chinese data and privacy culture and the regulations that make ‘cracking’ China a huge challenge for information security businesses Thu, 16 Jun 2011 16:10:00 GMT http://www.infosecurity-magazine.com/view/18748/the-infosec-market-in-china-proceed-with-caution/ http://www.infosecurity-magazine.com/view/18674/comment-data-breaches-a-symptom-of-a-bigger-problem/ The recent rash of high-profile data breaches can have a happy ending if IT and security leaders can convince the C-suite to break the cycle. In this op-ed, Johnathan Norman of Alert Logic explains that the first step is getting the C-suite to consider the value of their data and how much a breach would cost, so they can understand the enormous risk they are taking. Tue, 14 Jun 2011 20:19:00 GMT http://www.infosecurity-magazine.com/view/18674/comment-data-breaches-a-symptom-of-a-bigger-problem/ http://www.infosecurity-magazine.com/view/18671/comment-cracking-the-counterfeit-fraud-challenge/ While banking fraud might be at its lowest level ever in the UK, now is not the time for complacency. Emil Büchler, head of cards at SIX Card Solutions, explains that while advances are being made to stop the card counterfeiters, work remains to be done. Tue, 14 Jun 2011 17:58:00 GMT http://www.infosecurity-magazine.com/view/18671/comment-cracking-the-counterfeit-fraud-challenge/ http://www.infosecurity-magazine.com/view/18635/phishing-for-chips-why-the-online-gambling-industry-is-oddson-to-beat-cybercrime/ While online gamers might not consider information security a priority, online gambling operators are very much aware that their sites are great big targets for cybercriminals. Davey Winder asks what online gaming sites are doing to secure themselves, and their customers, against a rising tide of cybercrime? Mon, 13 Jun 2011 17:35:00 GMT http://www.infosecurity-magazine.com/view/18635/phishing-for-chips-why-the-online-gambling-industry-is-oddson-to-beat-cybercrime/ http://www.infosecurity-magazine.com/view/18600/the-gods-of-phishing/ Some phishing attempts are truly ethereal – near flawless representations of official communications. Others, however, are mere mortals. And then there’s the absolutely absurd. Esther Shein visits the pantheon of scammer emails Fri, 10 Jun 2011 16:00:00 GMT http://www.infosecurity-magazine.com/view/18600/the-gods-of-phishing/ http://www.infosecurity-magazine.com/view/18565/comment-visionaries-recognize-the-changing-nature-of-crime-as-an-opportunity/ Infosecurity is proud to welcome W. Hord Tipton, executive director of (ISC)², as the newest member of its editorial board. As part of his welcome, Tipton shares why, whether large or small, organizations’ security technology is only as good as the people being tasked to operate and maintain it Thu, 09 Jun 2011 18:30:00 GMT http://www.infosecurity-magazine.com/view/18565/comment-visionaries-recognize-the-changing-nature-of-crime-as-an-opportunity/ http://www.infosecurity-magazine.com/view/18527/comment-staying-secure-with-a-limited-budget/ Ray Bryant, CEO of Idappcom, looks at how IT departments can maintain the same level of service and security with less money. He advises where cuts can be made and how these will help a business run more cost-effectively without affecting service levels and, more importantly, ensure that an organization does not become more vulnerable to attacks. Thu, 09 Jun 2011 08:30:00 GMT http://www.infosecurity-magazine.com/view/18527/comment-staying-secure-with-a-limited-budget/ http://www.infosecurity-magazine.com/view/18481/apple-to-its-iphone-users-weve-iphound-you/ Apple recently got itself into some hot water over the fact that its iPhones were quietly logging their users' locations to a hidden and unencrypted data file. Steve Gold, Infosecurity's technical editor, explains the fallout... Wed, 08 Jun 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/18481/apple-to-its-iphone-users-weve-iphound-you/ http://www.infosecurity-magazine.com/view/18480/apple-to-its-iphone-users-weve-iphound-you/ Apple recently got itself into some hot water over the fact that its iPhones were quietly logging their users' locations to a hidden and unencrypted datafile. Steve Gold, Infosecurity's technical editor, explains the fallout... Wed, 08 Jun 2011 08:30:00 GMT http://www.infosecurity-magazine.com/view/18480/apple-to-its-iphone-users-weve-iphound-you/ http://www.infosecurity-magazine.com/view/18375/comment-security-research-goes-proactive-the-hacker-intelligence-initiative/ Sun Tzu’s “The Art of War” taught us to know your enemy in order to prevail over it. Imperva’s Amichai Shulman demonstrates why applying such methods to the hacker community can help the security industry come out on top Thu, 02 Jun 2011 21:00:00 GMT http://www.infosecurity-magazine.com/view/18375/comment-security-research-goes-proactive-the-hacker-intelligence-initiative/ http://www.infosecurity-magazine.com/view/18373/comment-web-vulnerabilities-vector-of-choice-/ Aziz Maakaroun, business development director for Outpost24, discusses why organizations need to step up their online defenses by scanning for web application vulnerabilities. Thu, 02 Jun 2011 17:32:00 GMT http://www.infosecurity-magazine.com/view/18373/comment-web-vulnerabilities-vector-of-choice-/ http://www.infosecurity-magazine.com/view/18319/the-rise-and-fall-of-online-credit-fraud-/ While Chip and Pin technology has certainly decreased in-store fraud, it has also re-directed criminals’ attention to online banks and shoppers. Stephen Pritchard investigates what methods cybercriminals are using to steal credit card data, and reports on how the finance sector is fighting back Wed, 01 Jun 2011 13:39:00 GMT http://www.infosecurity-magazine.com/view/18319/the-rise-and-fall-of-online-credit-fraud-/ http://www.infosecurity-magazine.com/view/18134/comment-virtualization-minus-the-migraine/ Shavlik Technologies’ Rob Juncker examines the possible pitfalls of virtualization and offers a strategy for safe and effective technological advancement: cohesive policies and even tighter IT architectures Mon, 23 May 2011 19:39:00 GMT http://www.infosecurity-magazine.com/view/18134/comment-virtualization-minus-the-migraine/ http://www.infosecurity-magazine.com/view/18132/comment-2011-the-year-tokens-died-/ Andrew Kemshall, CTO and co-founder of SecurEnvoy, presents a compelling argument for fading out physical tokens for two-factor authentication and replacing them with tokenless solutions using SMS technology, which is both cheaper and faster. Read on as he weighs the pros and cons Mon, 23 May 2011 16:22:00 GMT http://www.infosecurity-magazine.com/view/18132/comment-2011-the-year-tokens-died-/ http://www.infosecurity-magazine.com/view/18074/cybercrime-knows-no-borders-/ Prosecuting cybercrime is no easy task. Even with today’s forensic capabilities, legal inadequacies in various jurisdictions, not to mention uneven enforcement, make stemming the tide a rather daunting task. Lauren Moraski reports on the complications Thu, 19 May 2011 17:00:00 GMT http://www.infosecurity-magazine.com/view/18074/cybercrime-knows-no-borders-/ http://www.infosecurity-magazine.com/view/17887/comment-combating-weaponized-malware-/ Ironically, organizations that deploy digital certificates and encryption keys to address security and compliance concerns can end up putting themselves at risk. Improved management can reverse the trend, says Venafi CEO Jeff Hudson. Tue, 10 May 2011 19:00:00 GMT http://www.infosecurity-magazine.com/view/17887/comment-combating-weaponized-malware-/ http://www.infosecurity-magazine.com/view/17877/comment-assured-government-where-next-for-government-data-security/ The government has announced its direction of travel for data security but now needs industry to tell it what the destination will actually look like. Piecing together the operational and policy Whitehall jigsaw is a challenge to which the industry must rise says William Wallace, former IT security adviser to the Conservative Party. Tue, 10 May 2011 14:55:00 GMT http://www.infosecurity-magazine.com/view/17877/comment-assured-government-where-next-for-government-data-security/