http://www.infosecurity-magazine.com/ Copyright Elsevier Ltd Intuitiv Ltd (www.intuitiv.net) Tue, 22 May 2012 19:09:51 GMT http://www.infosecurity-magazine.com/ http://www.infosecurity-magazine.com/_common/img/template/infosec-uk/site-logo.gif http://www.infosecurity-magazine.com/view/25738/comment-the-missing-link-from-dlp/ Solutions to prevent data loss need to involve the data owners themselves, so they can take appropriate actions to remediate risks before data is leaked. Traditional DLP technologies alone cannot achieve your security and governance goals, says David Gibson of Varonis Thu, 17 May 2012 09:30:00 GMT http://www.infosecurity-magazine.com/view/25738/comment-the-missing-link-from-dlp/ http://www.infosecurity-magazine.com/view/25737/the-perception-of-dlp/ Think you can purchase the latest application and all of your data loss worries will disappear? Think again, says John Walker. To this security expert, DLP is about more than technology Tue, 15 May 2012 09:30:00 GMT http://www.infosecurity-magazine.com/view/25737/the-perception-of-dlp/ http://www.infosecurity-magazine.com/view/25695/comment-avoid-the-inherent-risks-of-consumer-gadgets-and-email/ Consumer gadgets and corporate email can be a risk to information; John Thielens of Axway looks at how this can be avoided without banning consumer devices altogether Thu, 10 May 2012 15:11:00 GMT http://www.infosecurity-magazine.com/view/25695/comment-avoid-the-inherent-risks-of-consumer-gadgets-and-email/ http://www.infosecurity-magazine.com/view/25615/follow-the-money-the-economics-of-fake-antivirus/ Fake anti-virus remains a high-level threat for the most vulnerable of computer users. Danny Bradbury tracks the money Tue, 08 May 2012 10:00:00 GMT http://www.infosecurity-magazine.com/view/25615/follow-the-money-the-economics-of-fake-antivirus/ http://www.infosecurity-magazine.com/view/25573/comment-its-not-about-network-security-its-about-business-security/ Gidi Cohen of Skybox Security explores the challenges information security executives face, and provides key steps they can take to tune their existing security infrastructure to be more effective and efficient Thu, 03 May 2012 14:15:00 GMT http://www.infosecurity-magazine.com/view/25573/comment-its-not-about-network-security-its-about-business-security/ http://www.infosecurity-magazine.com/view/25481/lets-get-this-byod-office-party-started/ The most dangerous security aspect of BYOD, according to many experts, is the apps that personal devices run, not the operating system or hardware. Fred Donovan examines how organizations can say ‘yes’ to employee-owned devices while still maintaining control of their data Tue, 01 May 2012 09:00:00 GMT http://www.infosecurity-magazine.com/view/25481/lets-get-this-byod-office-party-started/ http://www.infosecurity-magazine.com/view/25398/comment-defeating-apt-in-the-cyber-trenches/ Jim Butterworth of HBGary argues that instead of building bigger digital walls to secure their organizations, CSO’s must instead build resilience by combating advanced persistent threats (APTs) where they least expect them – already firmly established inside the network Thu, 26 Apr 2012 09:30:00 GMT http://www.infosecurity-magazine.com/view/25398/comment-defeating-apt-in-the-cyber-trenches/ http://www.infosecurity-magazine.com/view/25302/preventing-an-olympicsized-disaster/ With the London 2012 Olympics almost upon us, Stephen Pritchard looks at the wider impact that the Games may have on London and the UK’s infrastructure. He finds that networks, businesses, transportation and remote working are all causes for concern Tue, 24 Apr 2012 09:00:00 GMT http://www.infosecurity-magazine.com/view/25302/preventing-an-olympicsized-disaster/ http://www.infosecurity-magazine.com/view/25301/comment-mobility-goes-mainstream/ Infosecurity welcomes Patricia Titus, VP and CISO of Symantec, as the newest member of our Editorial Advisory Board. Titus tells us why following security best practices is the key to a successful mobility strategy Mon, 23 Apr 2012 13:00:00 GMT http://www.infosecurity-magazine.com/view/25301/comment-mobility-goes-mainstream/ http://www.infosecurity-magazine.com/view/25300/protecting-distributed-network-infrastructure-availability-across-a-cloudconnected-workforce/ Robert Waldie of Opengear looks at three strategies learned in the data center to secure distributed sites against breach-of-availability incidents Mon, 23 Apr 2012 09:00:00 GMT http://www.infosecurity-magazine.com/view/25300/protecting-distributed-network-infrastructure-availability-across-a-cloudconnected-workforce/ http://www.infosecurity-magazine.com/view/25298/comment-turn-to-militarygrade-security/ Key industrial infrastructure is becoming as vulnerable as corporate data to attack, driving commercial organizations toward defense-grade IT solutions for protection. Arun Subbarao of LynuxWorks explains the wisdom behind the strategy Fri, 20 Apr 2012 18:17:00 GMT http://www.infosecurity-magazine.com/view/25298/comment-turn-to-militarygrade-security/ http://www.infosecurity-magazine.com/view/25294/comment-do-you-know-where-your-data-is/ As businesses increasingly bring in mobile devices for their staff, data can no longer be pinpointed to the. Siân John of Symantec discusses the threats to businesses and how employing data encryption on mobile devices brings a new level of security to sensitive business information Fri, 20 Apr 2012 15:00:00 GMT http://www.infosecurity-magazine.com/view/25294/comment-do-you-know-where-your-data-is/ http://www.infosecurity-magazine.com/view/25247/comment-taking-the-ethical-high-road/ Marcus Ranum of Tenable Network Security outlines how the IT security industry can ensure its integrity by maintaining a strong code of ethics Thu, 19 Apr 2012 09:30:00 GMT http://www.infosecurity-magazine.com/view/25247/comment-taking-the-ethical-high-road/ http://www.infosecurity-magazine.com/view/25222/interview-boris-goncharov-g4s/ Q&A with Boris Goncharov, CISO, G4S, and keynote speaker at Infosecurity Europe 2012 Thu, 19 Apr 2012 09:00:00 GMT http://www.infosecurity-magazine.com/view/25222/interview-boris-goncharov-g4s/ http://www.infosecurity-magazine.com/view/25235/comment-visibility-is-an-essential-component-to-data-governance/ Addressing the volume of organizational data requires a balanced approach, which includes locating and identifying data by category. This visibility is the first step in identifying risk, says Gerard Curtin of PixAlert Wed, 18 Apr 2012 16:35:00 GMT http://www.infosecurity-magazine.com/view/25235/comment-visibility-is-an-essential-component-to-data-governance/ http://www.infosecurity-magazine.com/view/25221/interview-matt-palmer-skipton-building-society/ Q&A with Matt Palmer, group information security officer, Skipton Building Society, and a keynote speaker at Infosecurity Europe 2012 Wed, 18 Apr 2012 11:00:00 GMT http://www.infosecurity-magazine.com/view/25221/interview-matt-palmer-skipton-building-society/ http://www.infosecurity-magazine.com/view/25220/interview-mark-adamswright-suffolk-county-council/ Q&A with Mark Adams-Wright, CISO, Suffolk County Council, and keynote speaker at Infosecurity Europe 2012 Wed, 18 Apr 2012 09:00:00 GMT http://www.infosecurity-magazine.com/view/25220/interview-mark-adamswright-suffolk-county-council/ http://www.infosecurity-magazine.com/view/25219/comment-flowbased-monitoring-provides-security-for-the-byod-environment/ Lancope’s Joe Yeager discusses the benefits of leveraging flow-based data collection and analysis for mobile device security in BYOD environments Tue, 17 Apr 2012 22:40:00 GMT http://www.infosecurity-magazine.com/view/25219/comment-flowbased-monitoring-provides-security-for-the-byod-environment/ http://www.infosecurity-magazine.com/view/25218/interview-graham-mckay-dc-thomson/ Q&A with Graham McKay, CISO, DC Thomson & Co. Ltd., and keynote speaker at Infosecurity Europe 2012 Tue, 17 Apr 2012 21:44:00 GMT http://www.infosecurity-magazine.com/view/25218/interview-graham-mckay-dc-thomson/ http://www.infosecurity-magazine.com/view/25205/comment-byodbut-keep-the-data-in-the-office/ KPMG CIO Advisory’s Martin Lunt believes BYOD has significant benefits for organizations, providing clear security policies are in place from the start Tue, 17 Apr 2012 17:53:00 GMT http://www.infosecurity-magazine.com/view/25205/comment-byodbut-keep-the-data-in-the-office/ http://www.infosecurity-magazine.com/view/25201/interview-tracy-andrew-field-fisher-waterhouse/ Q&A with Tracy Andrew, information security & compliance officer, Field Fisher Waterhouse LLP, and keynote speaker at Infosecurity Europe 2012 Tue, 17 Apr 2012 15:27:00 GMT http://www.infosecurity-magazine.com/view/25201/interview-tracy-andrew-field-fisher-waterhouse/ http://www.infosecurity-magazine.com/view/25167/comment-you-are-the-weakest-link-in-the-data-protection-chain/ Information is the lifeblood of any organization, and in today’s world, we must ensure it is properly protected. There are a multitude of technological methods to secure our information, but any chain is only as strong as its weakest link says Richard Hall of CS Risk Management Mon, 16 Apr 2012 17:29:00 GMT http://www.infosecurity-magazine.com/view/25167/comment-you-are-the-weakest-link-in-the-data-protection-chain/ http://www.infosecurity-magazine.com/view/25163/easily-enhancing-the-security-of-mobile-devices/ ISACA advisor John P. Pironti outlines five easy steps that will promote more secure use of mobile devices Mon, 16 Apr 2012 14:59:00 GMT http://www.infosecurity-magazine.com/view/25163/easily-enhancing-the-security-of-mobile-devices/ http://www.infosecurity-magazine.com/view/25114/comment-under-byod-pressure/ Feeling pressure to implement a BYOD strategy? Start getting ready now, because BYOD is inevitable. But don’t pull the trigger on that shiny new miracle solution before you’ve covered the basics and know that it is right for you says Rory Higgins of Mancala Networks Thu, 12 Apr 2012 16:19:00 GMT http://www.infosecurity-magazine.com/view/25114/comment-under-byod-pressure/ http://www.infosecurity-magazine.com/view/25062/comment-the-eu-cloud-computing-and-security/ HP’s Prescott Winter gives his perspective regarding developments in cloud computing and security within the European Union Wed, 11 Apr 2012 10:00:00 GMT http://www.infosecurity-magazine.com/view/25062/comment-the-eu-cloud-computing-and-security/ http://www.infosecurity-magazine.com/view/25028/comment-yes-to-privacy-and-yes-to-internet-surveillance/ By comparing protective measures in the real world with cyberspace protection, Tim Watson of De Montfort University discusses privacy versus security and the new internet surveillance powers proposed by the UK government. Watson argues that both privacy and security could be enhanced by increasing internet surveillance Tue, 10 Apr 2012 10:00:00 GMT http://www.infosecurity-magazine.com/view/25028/comment-yes-to-privacy-and-yes-to-internet-surveillance/ http://www.infosecurity-magazine.com/view/25012/interview-microsofts-steve-lipner/ Microsoft still gets mixed reviews from the information security community. Steve Lipner, however, does not. Eleanor Dallaway met Lipner at the recent RSA Conference in San Francisco and discovered that actually, he may just be one of the best things to have happened to the software giant Tue, 10 Apr 2012 09:00:00 GMT http://www.infosecurity-magazine.com/view/25012/interview-microsofts-steve-lipner/ http://www.infosecurity-magazine.com/view/25010/comment-rebalancing-the-security-portfolio/ Are security budgets addicted to anti-virus at the expense of more immediate and emerging threats? Imperva’s Rob Rachwald explains why its time to shift the focus Fri, 06 Apr 2012 11:00:00 GMT http://www.infosecurity-magazine.com/view/25010/comment-rebalancing-the-security-portfolio/ http://www.infosecurity-magazine.com/view/24987/comment-botnets-the-dark-side-of-cloud-computing/ Botnets pose a serious threat to your network, your business, your partners and your customers. Botnets rival the power of today’s most powerful cloud computing platforms, but these “dark” clouds are controlled by cybercriminals. Angelo Comazzetto at Sophos discusses the risks of botnet infection, and how businesses can protect themselves Wed, 04 Apr 2012 19:44:00 GMT http://www.infosecurity-magazine.com/view/24987/comment-botnets-the-dark-side-of-cloud-computing/ http://www.infosecurity-magazine.com/view/24957/comment-what-the-presidential-candidates-arent-talking-about/ According to the FBI and Director of National Intelligence, cyber threats will soon be our largest worry. Given this, Peter George of Fidelis Security Systems wonders why the major presidential candidates aren’t talking about cybersecurity. The lack of discussion on this issue, he says, would seem disproportionate given its potential severity Wed, 04 Apr 2012 12:00:00 GMT http://www.infosecurity-magazine.com/view/24957/comment-what-the-presidential-candidates-arent-talking-about/ http://www.infosecurity-magazine.com/view/24905/the-web-of-piracy/ Proposals to curb online piracy in the US boiled over into high-profile digital protests this past winter. Drew Amorosi examines what the fuss is all about Mon, 02 Apr 2012 15:59:00 GMT http://www.infosecurity-magazine.com/view/24905/the-web-of-piracy/ http://www.infosecurity-magazine.com/view/24867/comment-mobile-security-shapes-up-/ What are the options for data security managers as the network periphery expands? Steven Sprague of Wave Systems explores the possibilities Fri, 30 Mar 2012 17:00:00 GMT http://www.infosecurity-magazine.com/view/24867/comment-mobile-security-shapes-up-/ http://www.infosecurity-magazine.com/view/24866/comment-getting-the-right-balance-proactive-and-reactive-it-security/ The open nature of the web has led to a rapidly changing threat landscape. John Stock with Outpost24 discusses how to address the balance of proactive and reactive security to protect against vulnerabilities in today’s environment Fri, 30 Mar 2012 14:47:00 GMT http://www.infosecurity-magazine.com/view/24866/comment-getting-the-right-balance-proactive-and-reactive-it-security/ http://www.infosecurity-magazine.com/view/24809/comment-businesses-need-to-wake-up-to-open-wireless-access-risks/ Cryptzone’s Peter Davin explains how a Massachusetts federal copyright lawsuit will – hopefully - wake companies to the serious risks they run by ignoring wireless security issues Wed, 28 Mar 2012 16:40:00 GMT http://www.infosecurity-magazine.com/view/24809/comment-businesses-need-to-wake-up-to-open-wireless-access-risks/ http://www.infosecurity-magazine.com/view/24754/a-guide-to-managed-security/ The days when IT departments would purchase a separate in-house appliance for each security function are fading quickly. In its wake are vendors offering unified threat management packages, and cloud-based security-as-a-service. Ted Kritsonis discovers that the only real drawback to managed security is finding a provider you can trust Mon, 26 Mar 2012 15:13:00 GMT http://www.infosecurity-magazine.com/view/24754/a-guide-to-managed-security/ http://www.infosecurity-magazine.com/view/24743/comment-perfect-partners-secure-social-and-the-cloud/ HighQ’s Stuart Barr looks at two of the hottest topics in technology today – social software and cloud computing. He examines the inherent risks of cloud-based social software and gives practical advice as to how security-conscience enterprises can still take advantage of these innovations Fri, 23 Mar 2012 16:39:00 GMT http://www.infosecurity-magazine.com/view/24743/comment-perfect-partners-secure-social-and-the-cloud/ http://www.infosecurity-magazine.com/view/24735/comment-the-future-of-network-security/ A quiet revolution – where the concept of identity becomes as much a part of the network fabric as the humble IP address itself – is gathering momentum. Using a simple "Magic Key" analogy, BlackRidge Technology’s James Rendell provides a glimpse of the future and explains the implications of transforming from address-based to identity-based network security Fri, 23 Mar 2012 13:36:00 GMT http://www.infosecurity-magazine.com/view/24735/comment-the-future-of-network-security/ http://www.infosecurity-magazine.com/view/24723/comment-organizations-must-keep-up-with-new-compliance-regulations/ Guy Churchward of LogLogic addresses the compliance challenges for 2012 and how enterprises need to respond Thu, 22 Mar 2012 15:37:00 GMT http://www.infosecurity-magazine.com/view/24723/comment-organizations-must-keep-up-with-new-compliance-regulations/ http://www.infosecurity-magazine.com/view/24619/a-work-in-progress-consolidation-in-the-security-market/ As the fog of worldwide recession lifts, cash flush security and hardware vendors have found themselves with money to burn. Stephen Pritchard examines how mergers and acquisitions are shaping the information security industry Mon, 19 Mar 2012 12:30:00 GMT http://www.infosecurity-magazine.com/view/24619/a-work-in-progress-consolidation-in-the-security-market/ http://www.infosecurity-magazine.com/view/24605/comment-managing-authentication-in-heterogeneous-environments-/ SafeNet’s Gary Clark outlines the layered approach necessary for secure digital identities in cloudy, mobile ecosystems Fri, 16 Mar 2012 16:39:00 GMT http://www.infosecurity-magazine.com/view/24605/comment-managing-authentication-in-heterogeneous-environments-/ http://www.infosecurity-magazine.com/view/24578/comment-information-assurance-professionals-you-are-competent-but-are-you-certified/ A new certification scheme has been developed for information assurance professionals to help the UK Government meet its cybersecurity objectives. The APM Group’s Richard Pharro looks at why the scheme has been developed, what benefits it will bring to the industry, and how people working in IA are assessed Thu, 15 Mar 2012 16:15:00 GMT http://www.infosecurity-magazine.com/view/24578/comment-information-assurance-professionals-you-are-competent-but-are-you-certified/ http://www.infosecurity-magazine.com/view/24533/comment-proposed-eu-data-protection-revisions-good-for-businesses-and-individuals/ Sarb Sembhi of consultancy Incoming Thought sees the proposed revisions to the EU Data Protection Directive as a win-win situation Wed, 14 Mar 2012 13:12:00 GMT http://www.infosecurity-magazine.com/view/24533/comment-proposed-eu-data-protection-revisions-good-for-businesses-and-individuals/ http://www.infosecurity-magazine.com/view/24532/comment-building-a-fence-around-data-and-the-eu/ The proposed revisions to the EU Data Protection Directive will mean that global organizations must have a strong "on the ground" presence in Europe. That's according to the University of Milan's Marco Cremonini Wed, 14 Mar 2012 12:51:00 GMT http://www.infosecurity-magazine.com/view/24532/comment-building-a-fence-around-data-and-the-eu/ http://www.infosecurity-magazine.com/view/24446/comment-intelligent-it-choices-will-prevent-disaster/ The recent European Disaster Recovery survey 2011, conducted by EMC², highlights the prevalence of companies that lack a robust disaster recovery strategy, with 54% of those surveyed suffering data loss and system downtime within the last year. If businesses are to minimize the detrimental impact of an IT system failure, intelligent IT choices need to be made, argues Richard Barker of Sovereign Business Integration Tue, 13 Mar 2012 09:30:00 GMT http://www.infosecurity-magazine.com/view/24446/comment-intelligent-it-choices-will-prevent-disaster/ http://www.infosecurity-magazine.com/view/24445/welcoming-apple-to-the-malware-party/ Conventional wisdom says that, due to its smaller market share, the Mac OS X is far less susceptible to security threats than its operating system counterparts. But times are changing – along with Apple’s market share – which prompted Esther Shein to explore the myth that the Mac OS X is still immune to today’s malware threats Mon, 12 Mar 2012 12:00:00 GMT http://www.infosecurity-magazine.com/view/24445/welcoming-apple-to-the-malware-party/ http://www.infosecurity-magazine.com/view/24436/comment-passwords-are-now-past-their-best/ Phil Robinson of Digital Assurance shares his views about the growing dependence upon passwords and looks at management methods and technical alternatives to improve upon them Fri, 09 Mar 2012 13:52:00 GMT http://www.infosecurity-magazine.com/view/24436/comment-passwords-are-now-past-their-best/ http://www.infosecurity-magazine.com/view/24407/the-anatomy-of-id-theft/ There are several ways to hijack one’s identity in today’s world. Wendy M. Grossman explores a few of the possibilities, and some of the defense mechanisms Thu, 08 Mar 2012 13:40:00 GMT http://www.infosecurity-magazine.com/view/24407/the-anatomy-of-id-theft/ http://www.infosecurity-magazine.com/view/24130/comment-dont-compromise-on-visibility-speed-or-security/ Stream-based deep packet inspection (DPI) is faster and easier to deploy, manage and update when compared with proxy-based DPI. That’s according to SonicWALL’s Andrew Walker-Brown Thu, 01 Mar 2012 12:30:00 GMT http://www.infosecurity-magazine.com/view/24130/comment-dont-compromise-on-visibility-speed-or-security/ http://www.infosecurity-magazine.com/view/24128/time-to-get-smart-about-portable-device-security/ Portable devices are smarter than ever, but can the same be said of users? Steve Durbin, global vice president of the Information Security Forum (ISF), discusses what information security professionals can do to ensure users appreciate – and address – the potential dangers of unsecured devices and risky usage outside the workplace Wed, 29 Feb 2012 12:30:00 GMT http://www.infosecurity-magazine.com/view/24128/time-to-get-smart-about-portable-device-security/ http://www.infosecurity-magazine.com/view/24129/comment-realizing-business-value-from-access-risk-management/ Courion’s Dave Fowler argues that the industry needs to rethink its approach to access risk management and embrace the development of next-generation identity and access management solutions that are easy to deploy, offer quick return on investment and enable organizations to better understand and manage access risk Tue, 28 Feb 2012 12:30:00 GMT http://www.infosecurity-magazine.com/view/24129/comment-realizing-business-value-from-access-risk-management/ http://www.infosecurity-magazine.com/view/24127/ipads-to-bring-or-not-to-bring/ Techies, early adopters, and your company’s executives – they are the front line of new consumer devices in the workplace. With the iPad being the hottest and most groundbreaking among them, Davey Winder wonders whether security professionals should tell their CEOs to leave that new tablet at home Mon, 27 Feb 2012 12:30:00 GMT http://www.infosecurity-magazine.com/view/24127/ipads-to-bring-or-not-to-bring/ http://www.infosecurity-magazine.com/view/24078/comment-a-security-culture-requires-leadership-from-the-top-down/ To grow an effective ‘security culture’ in your organization, infosec managers must get their management to set the proper example, says consultant Gregor Campbell Thu, 23 Feb 2012 09:30:00 GMT http://www.infosecurity-magazine.com/view/24078/comment-a-security-culture-requires-leadership-from-the-top-down/ http://www.infosecurity-magazine.com/view/24021/tablet-security-a-bitter-pill/ Everyone wants a tablet, but securing them is a challenge, warns Danny Bradbury Tue, 21 Feb 2012 09:30:00 GMT http://www.infosecurity-magazine.com/view/24021/tablet-security-a-bitter-pill/ http://www.infosecurity-magazine.com/view/23946/comment-governance-is-key-to-managing-cloud-risk-/ Adopting cloud computing can save money, but good governance is needed to manage the risks, says analyst Mike Small Wed, 15 Feb 2012 16:22:00 GMT http://www.infosecurity-magazine.com/view/23946/comment-governance-is-key-to-managing-cloud-risk-/ http://www.infosecurity-magazine.com/view/23887/interview-eas-spencer-mott-/ From London’s Metropolitan Police to VP and CISO at Electronic Arts, Spencer Mott has had a colorful career with little end in sight. Here, he talks to Eleanor Dallaway about what the information security industry is up against, how the Sony breach impacted the whole industry, and how EA suffered a breach of its own in 2011 Tue, 14 Feb 2012 09:00:00 GMT http://www.infosecurity-magazine.com/view/23887/interview-eas-spencer-mott-/ http://www.infosecurity-magazine.com/view/23802/comment-piracy-the-real-winner-in-war-against-sopa/ Not all provisions written in the original draft of SOPA were as bad as hype suggested; claims of it fueling Internet censorship are grossly exaggerated if you read its core provisions. Piracy is a multi-billion dollar problem that needs federal intervention, says GuardTime’s Mike Gault Thu, 09 Feb 2012 15:56:00 GMT http://www.infosecurity-magazine.com/view/23802/comment-piracy-the-real-winner-in-war-against-sopa/ http://www.infosecurity-magazine.com/view/23772/the-approaching-mobility-maelstrom/ Last year Drew Amorosi polled the Infosecurity editorial board on their predictions for 2011. This year he decided to broaden the sample and find out what the rest of the industry are talking about. What he received was an overdose of mobile security warnings Wed, 08 Feb 2012 16:20:00 GMT http://www.infosecurity-magazine.com/view/23772/the-approaching-mobility-maelstrom/ http://www.infosecurity-magazine.com/view/23614/comment-make-pci-dss-part-of-your-security-strategy/ Jeremy King, European director of the PCI Security Standards Council, describes how recent figures from the UK Cards Association showed PCI has been successful in decreasing the volume of card and bank account fraud Wed, 01 Feb 2012 15:17:00 GMT http://www.infosecurity-magazine.com/view/23614/comment-make-pci-dss-part-of-your-security-strategy/ http://www.infosecurity-magazine.com/view/23554/a-superior-infosec-education-/ As the information security industry becomes more coveted, Wendy M. Grossman takes a look at the university courses available to aspiring and competing infosec professionals on both sides of the Atlantic Tue, 31 Jan 2012 09:00:00 GMT http://www.infosecurity-magazine.com/view/23554/a-superior-infosec-education-/ http://www.infosecurity-magazine.com/view/23493/comment-apt-tops-security-risks-to-corporate-ip-in-2012/ Verdasys’ Bill Ledingham shares his insights on advanced persistent threats (APT) and offers steps companies can take to increase their cybersecurity Thu, 26 Jan 2012 16:00:00 GMT http://www.infosecurity-magazine.com/view/23493/comment-apt-tops-security-risks-to-corporate-ip-in-2012/ http://www.infosecurity-magazine.com/view/23473/can-security-and-privacy-coexist/ Should you have to give up privacy to get more security, or does one actually support the other? Danny Bradbury sounds out the experts Wed, 25 Jan 2012 15:26:00 GMT http://www.infosecurity-magazine.com/view/23473/can-security-and-privacy-coexist/ http://www.infosecurity-magazine.com/view/23341/comment-information-assurance-as-a-flexible-security-solution/ Chris Mayers of Citrix UK outlines how the public sector can meet confidentiality, integrity and availability requirements in the face of ongoing regulatory and technological change Thu, 19 Jan 2012 14:50:00 GMT http://www.infosecurity-magazine.com/view/23341/comment-information-assurance-as-a-flexible-security-solution/ http://www.infosecurity-magazine.com/view/23314/the-good-the-bad-and-the-ugly-insider-threats/ Whether intentional or unintentional, insider threats take many forms. The (ISC)² US Government Advisory Board Executive Writers Bureau examines this dichotomy and how it is being affected by both regulatory considerations, and the rapidly changing technology landscape Wed, 18 Jan 2012 16:12:00 GMT http://www.infosecurity-magazine.com/view/23314/the-good-the-bad-and-the-ugly-insider-threats/ http://www.infosecurity-magazine.com/view/23215/comment-information-management-policies-must-address-risk-of-human-error/ Christian Toon, head of Information Security at Iron Mountain Europe, considers the growing number of avoidable data breaches that involve paper documents and advises businesses how to minimize these risks by getting to grips with information handling, management, storage and secure destruction. Fri, 13 Jan 2012 16:31:00 GMT http://www.infosecurity-magazine.com/view/23215/comment-information-management-policies-must-address-risk-of-human-error/ http://www.infosecurity-magazine.com/view/23189/infosecurity-do-you-eat-your-own-dog-food/ How many traffic policemen never exceed the speed limit when off duty? How many vicars don’t swear? And how many IT security professionals practice what they preach? No, seriously, do you eat your own dog food? That’s the question Davey Winder has been asking of infosec professionals in an attempt to determine just how secure security experts really are away from the office Thu, 12 Jan 2012 14:43:00 GMT http://www.infosecurity-magazine.com/view/23189/infosecurity-do-you-eat-your-own-dog-food/ http://www.infosecurity-magazine.com/view/22802/comment-its-time-for-smartphone-security/ As the mobile market grows, so does mobile malware. Don DeBolt, director of threat research at internet security company Total Defense, discusses how IT practitioners and company employees can best stay safe by protecting themselves from mobile hacks, privacy concerns and more in a day and age when mobile malware is on the rise Tue, 20 Dec 2011 15:47:00 GMT http://www.infosecurity-magazine.com/view/22802/comment-its-time-for-smartphone-security/ http://www.infosecurity-magazine.com/view/22785/compliance-strategies-aka-alphabet-soup/ Does your organization follow a recipe, or simply ‘eye-up’ the ingredients to your compliance tick boxes? Fred Donovan taste-tests what is often viewed as the unsavory side of the information security profession Mon, 19 Dec 2011 14:39:00 GMT http://www.infosecurity-magazine.com/view/22785/compliance-strategies-aka-alphabet-soup/ http://www.infosecurity-magazine.com/view/22745/comment-data-governance-must-evolve-to-meet-growing-insider-threat/ Insider-driven data leaks are in the news every day, and unstructured data provides the biggest challenge for IT to secure and manage. Brian Vecci of Varonis Systems highlights key steps that organizations can take to measure and improve their data governance, and reduce data loss from insiders Fri, 16 Dec 2011 15:31:00 GMT http://www.infosecurity-magazine.com/view/22745/comment-data-governance-must-evolve-to-meet-growing-insider-threat/ http://www.infosecurity-magazine.com/view/22713/paging-doctor-compliance-/ With changes to the US healthcare system already underway – albeit at a snail’s pace – now is the perfect time to examine how the regulatory and compliance landscape may change with it. Esther Shein surveys the sector and seeks the proper prescription Thu, 15 Dec 2011 14:29:00 GMT http://www.infosecurity-magazine.com/view/22713/paging-doctor-compliance-/ http://www.infosecurity-magazine.com/view/22601/comment-get-your-moneys-worth-from-pci-pen-testing/ Orthus’ chief executive, Richard Hollis, says the responsibility for a comprehensive PCI pen test rests with the client – and it’s demands. Otherwise, your pen test could end up being worthless… Mon, 12 Dec 2011 18:29:00 GMT http://www.infosecurity-magazine.com/view/22601/comment-get-your-moneys-worth-from-pci-pen-testing/ http://www.infosecurity-magazine.com/view/22481/year-of-the-hack-/ Commonly referred to as the year of the hack, it is no secret what 2011 has become famous for in the information security industry. This year’s headlines, reports Fred Donovan, have been made up of data breaches, hacks, APT attacks and mergers and acquisitions Wed, 07 Dec 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/22481/year-of-the-hack-/ http://www.infosecurity-magazine.com/view/22473/comment-twofactor-authentication-world-of-the-token-necklace/ SecurEnvoy’s Andy Kemshall looks at the rise of two-factor authentication and why SMS-based technology is the key to strengthening vulnerable virtual applications and access points Tue, 06 Dec 2011 17:20:00 GMT http://www.infosecurity-magazine.com/view/22473/comment-twofactor-authentication-world-of-the-token-necklace/ http://www.infosecurity-magazine.com/view/22438/state-of-denial-the-chinese-cyber-threat/ Hackers exist almost anywhere there is an internet connection, yet the Chinese government continues to downplay their existence at home. Drew Amorosi takes a journey of enlightenment and seeks the truth Mon, 05 Dec 2011 15:49:00 GMT http://www.infosecurity-magazine.com/view/22438/state-of-denial-the-chinese-cyber-threat/ http://www.infosecurity-magazine.com/view/22361/comment-the-hard-cost-of-misunderstanding-least-privilege/ John Mutch and Brian Anderson unravel the common misunderstandings about privileged access that prevent organizations from better protecting their network perimeter from the risk of insider threat and negligence Wed, 30 Nov 2011 15:00:00 GMT http://www.infosecurity-magazine.com/view/22361/comment-the-hard-cost-of-misunderstanding-least-privilege/ http://www.infosecurity-magazine.com/view/22333/interview-hord-tipton-of-isc/ Within only a minute of sitting down with Hord Tipton, executive director of (ISC)², our own Eleanor Dallaway knew that the hour she had booked with him would not be adequate. You see, it’s impossible to capture the true essence of a man with a career that many can only dream of in 60 minutes. While they may have been short for time, Tipton certainly wasn’t short on stories Tue, 29 Nov 2011 15:50:00 GMT http://www.infosecurity-magazine.com/view/22333/interview-hord-tipton-of-isc/ http://www.infosecurity-magazine.com/view/22167/comment-where-the-ciso-should-sit-/ The CISO position is making a comeback, but if not strategically positioned in an organization, it can become a powerless figurehead – competing for mindshare and budget with other “functional” operations. Ed Adams of Security Innovation points out why a CISO can be far more effective if reporting to the CEO (or highest ranking risk officer) instead of the CIO Tue, 22 Nov 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/22167/comment-where-the-ciso-should-sit-/ http://www.infosecurity-magazine.com/view/22156/persistent-and-evasive-attacks-uncovered-/ APTs – and more recently AETs – have divided industry experts in opinion and often been used to scaremonger. Davey Winder reveals the truth behind the APT and AET headlines Mon, 21 Nov 2011 14:14:00 GMT http://www.infosecurity-magazine.com/view/22156/persistent-and-evasive-attacks-uncovered-/ http://www.infosecurity-magazine.com/view/21980/comment-breaching-its-way-through-congress-the-safe-data-act-/ Richard Moulds of Thales discusses the merits of the SAFE Data Act as it makes its way through the US Congress Thu, 17 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21980/comment-breaching-its-way-through-congress-the-safe-data-act-/ http://www.infosecurity-magazine.com/view/21979/breaking-the-online-bank/ As technology and online behaviors change, so too do methods to compromise a person’s – or organization’s – most vital assets: their financial details. Ted Kritsonis examines how cyber thieves are adapting, and what the banks are doing to stop them Wed, 16 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21979/breaking-the-online-bank/ http://www.infosecurity-magazine.com/view/21978/comment-myths-plague-perceptions-of-mobile-malware/ Trusteer’s Amit Klein takes a closer look at mobile malware, exploding the myths and dispelling the fantasies Tue, 15 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21978/comment-myths-plague-perceptions-of-mobile-malware/ http://www.infosecurity-magazine.com/view/21977/security-education-a-lesson-learned/ Despite users being the most integral part of information security, only one to two percent of security budgets are being spent on awareness and education. Stephen Pritchard reports Mon, 14 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21977/security-education-a-lesson-learned/ http://www.infosecurity-magazine.com/view/21905/comment-new-eu-eprivacy-legislation-why-you-should-act-now-/ George Thompson of KPMG IT Advisory explains why companies should act now in response to new e-privacy legislation, and the organizational and technical steps to consider Thu, 10 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21905/comment-new-eu-eprivacy-legislation-why-you-should-act-now-/ http://www.infosecurity-magazine.com/view/21850/obstacles-facing-the-us-cybersecurity-initiatives-/ Although the US government is paying more attention than ever to the issue of cybersecurity, the recent battles in Washington over budgets and austerity measures mean that funding could potentially dry up in an instant. Fred Donovan surveys the experts to get their take on where the nation’s cybersecurity program is heading Wed, 09 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21850/obstacles-facing-the-us-cybersecurity-initiatives-/ http://www.infosecurity-magazine.com/view/21873/comment-avoid-friend-or-foe-syndrome-with-your-it-auditor/ In a perfect world, the confidence and communication that exist between an organization and its IT security auditor might resemble the doctor–patient relationship. But when Philip Lieberman examines this critical aspect of IT security, he finds an increasingly troubled history – and makes some suggestions about how both sides can gain more from the partnership. Tue, 08 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21873/comment-avoid-friend-or-foe-syndrome-with-your-it-auditor/ http://www.infosecurity-magazine.com/view/21849/crossing-borders-the-right-side-of-wrong-/ Most nations consider travel data to be crucial to protecting national security. How that data is collected, stored, and secured however seems to be a closely guarded secret. Wendy M. Grossman investigates Mon, 07 Nov 2011 12:00:00 GMT http://www.infosecurity-magazine.com/view/21849/crossing-borders-the-right-side-of-wrong-/ http://www.infosecurity-magazine.com/view/21748/comment-companies-lose-encryption-keys-and-security-in-the-amazon-cloud/ Jeff Hudson of Venafi discusses the importance of proper education and best practices for protecting SSL and SSH keys that secure the cloud Tue, 01 Nov 2011 16:45:00 GMT http://www.infosecurity-magazine.com/view/21748/comment-companies-lose-encryption-keys-and-security-in-the-amazon-cloud/ http://www.infosecurity-magazine.com/view/21708/the-spy-who-hacked-me/ James Bond was more of a jock than a nerd, and he probably wouldn’t have known how to use a computer, says Danny Bradbury. How things have changed… Mon, 31 Oct 2011 14:18:00 GMT http://www.infosecurity-magazine.com/view/21708/the-spy-who-hacked-me/ http://www.infosecurity-magazine.com/view/21643/comment-encryption-vendors-may-be-the-weakest-link/ Infosec analyst Matthew Pascucci examines the security incidents that have plagued encryption and authentication vendors this past year and calls on them to beef up their own in-house security, or face the possibility of sanctions Thu, 27 Oct 2011 15:30:00 GMT http://www.infosecurity-magazine.com/view/21643/comment-encryption-vendors-may-be-the-weakest-link/ http://www.infosecurity-magazine.com/view/21600/interview-unisys-patricia-titus-/ The road from Minnesota to Washington has many stops, especially when you take the scenic route. Drew Amorosi recently met Patricia Titus of Unisys to regale in her remarkable journey Wed, 26 Oct 2011 13:00:00 GMT http://www.infosecurity-magazine.com/view/21600/interview-unisys-patricia-titus-/ http://www.infosecurity-magazine.com/view/21530/comment-security-has-become-a-black-and-white-issue/ As cyber-attacks become increasingly sophisticated, Bimal Parmar of Faronics argues that organizations can no longer rely solely on traditional blacklist technologies, but must adopt a layered approach to endpoint security Tue, 25 Oct 2011 13:00:00 GMT http://www.infosecurity-magazine.com/view/21530/comment-security-has-become-a-black-and-white-issue/ http://www.infosecurity-magazine.com/view/21529/what-is-critical-to-your-infrastructure-/ Critical infrastructure means many things to many people. Adrian Davis, principal research analyst with the Information Security Forum (ISF), explains why determining which infrastructure elements are critical to a business is the first step in keeping them safe Mon, 24 Oct 2011 13:00:00 GMT http://www.infosecurity-magazine.com/view/21529/what-is-critical-to-your-infrastructure-/ http://www.infosecurity-magazine.com/view/21500/comment-password-reuse-equals-misuse/ A recent survey by Swivel Secure shows that 55% of people use the same password, or variations of one, to access all their online activities. Chris Russell examines the corporate risks of password reuse and emphasizes the need for multifactor authentication for accessing business critical data Thu, 20 Oct 2011 16:52:00 GMT http://www.infosecurity-magazine.com/view/21500/comment-password-reuse-equals-misuse/ http://www.infosecurity-magazine.com/view/21462/you-dirty-shady-rat/ The latest APT to come to light is what McAfee has dubbed ‘Shady RAT’. But the folks at Kaspersky have voiced some objections. Drew Amorosi examines the threat…and the controversy Wed, 19 Oct 2011 15:17:00 GMT http://www.infosecurity-magazine.com/view/21462/you-dirty-shady-rat/ http://www.infosecurity-magazine.com/view/21317/comment-cybergang-crackdown-cripples-malware-trafficfor-now/ This past summer’s FBI-coordinated crackdown on computer scareware companies virtually shut the fake security software business down, but without the implementation of tough, diverse preventative solutions, Enigma Software's Alvin Estevez says it might remain akin to nothing more than cutting off the head of a hydra Wed, 12 Oct 2011 17:20:00 GMT http://www.infosecurity-magazine.com/view/21317/comment-cybergang-crackdown-cripples-malware-trafficfor-now/ http://www.infosecurity-magazine.com/view/21232/the-state-of-smartphone-security-/ An awful lot of lip service has been paid to smartphone security. Whereas most industry experts agree that, to date at least, smartphone security threats are mainly hype, that doesn’t mean this won’t change. Davey Winder investigates… Tue, 11 Oct 2011 13:00:00 GMT http://www.infosecurity-magazine.com/view/21232/the-state-of-smartphone-security-/ http://www.infosecurity-magazine.com/view/21231/comment-implement-comprehensive-mobile-security-today-/ Mobility and consumerization mean that the landscape of the corporate IT estate is changing in ways that are making new demands of security professionals. Dave Everitt of Absolute Software explains why a multi-tiered security strategy is essential to overcome increased threats Mon, 10 Oct 2011 12:45:00 GMT http://www.infosecurity-magazine.com/view/21231/comment-implement-comprehensive-mobile-security-today-/ http://www.infosecurity-magazine.com/view/21167/security-vendors-trendsetters-or-trend-followers/ How far ahead of the curve – or behind it – are vendors when it comes to identifying security trends? Danny Bradbury finds out that the curve may not matter at all Thu, 06 Oct 2011 12:45:00 GMT http://www.infosecurity-magazine.com/view/21167/security-vendors-trendsetters-or-trend-followers/ http://www.infosecurity-magazine.com/view/21177/phone-hacking-scandal-whos-getting-the-message/ In the wake of the tabloid cellphone hacking scandal, have operators really closed all the loopholes that let snoopers intercept our communications? Jim Mortleman investigates Thu, 06 Oct 2011 10:44:00 GMT http://www.infosecurity-magazine.com/view/21177/phone-hacking-scandal-whos-getting-the-message/ http://www.infosecurity-magazine.com/view/21162/comment-its-time-to-take-apts-seriously/ Ross Brewer of LogRhythm explores the danger posed by advanced persistent threats, the rash of high-profile data breaches that have been making headlines this year, and the steps organizations should be taking to protect IT assets Wed, 05 Oct 2011 18:00:00 GMT http://www.infosecurity-magazine.com/view/21162/comment-its-time-to-take-apts-seriously/ http://www.infosecurity-magazine.com/view/21099/please-feed-the-bear-the-growing-russian-infosec-market/ The Russian information security market is thriving, fueled by a rise in cybercrime. Some foreign security firms, however, have found it difficult to break into the market. Fred Donovan explains why Tue, 04 Oct 2011 12:30:00 GMT http://www.infosecurity-magazine.com/view/21099/please-feed-the-bear-the-growing-russian-infosec-market/