Kroll Releases 2014 Cyber Security Forecast
Kroll today released its third annual Cyber Security Forecast, a prediction of the most significant cyber issues organizations will confront in 2014. The latest forecast highlights seven trends identified by Kroll and suggests that a changing tide in cyber standards, both social and legal, will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks.
The Risk of an Uncertain Security Strategy
In spite of high-profile issues including LexisNexis and Evernote data breaches and the potential business impact of cyber attacks and data loss, small and mid-size organizations are not making cyber security a priority. Sophos and Ponemon Institute recently released Risk of an Uncertain Security Strategy, which reveals that security is not a key priority because IT is uncertain about their organization's security strategy and the threats they face.
Leadership and Mentoring
This is an excerpt from The Four Components of a Fast-Paced Organization: Going Beyond Lean Sigma Tools by Robert Baird.
Creativity Life Cycle Models in Project Management
This is an excerpt from Creative, Efficient, and Effective Project Management by Ralph L. Kliem, PMP.
McAfee Labs Sees New Threats Subverting Digital Signature Validation
McAfee Labs today released the McAfee Labs Threats Report: Third Quarter 2013, which found new efforts to circumvent digital signature app validation on both PCs and Android-based devices. The McAfee Labs team identified a new family of mobile malware that allows an attacker to bypass the digital signature validation of apps on Android devices, which contributed to a 30 percent increase in Android-based malware. At the same time, traditional malware signed with digital signatures grew by 50 percent to more than 1.5 million samples. Less surprising but no less daunting was a 125 percent increase in spam.
This month's issue of IT Performance Improvement looks at a different type of virtualization: Virtual teams.
Forensic Document Expertise
This chapter from Expert Bytes: Computer Expertise in Forensic Documents describes common scenarios in the work of forensic document examiners (FDEs), the objects they examine and the goals of the expertise. To calibrate their intended research projects, it is important that computer scientists know and understand what the issues are that FDEs have to solve.
Like securing networks, securing storage involves logical and physical approaches. Given that there are different types of storage devices, systems and mediums to support various applications and usage from high performance online to low cost removable, multiple approaches are needed. Protecting the end-points--on one side the applications and servers (virtual and physical) that access storage and on the other end the storage itself--is part of the solution. Also involved is protecting the network on a local and remote basis.
Security for the Enterprise Mobile Device Life Cycle
This article explains the entire life cycle of enterprise mobile device solutions, involving everything from policy to operations. It references a five-phase life cycle model to help organizations determine at what point in their mobile device solution deployments a recommendation may be relevant. Organizations may follow a project management methodology or life cycle model that does not directly map to the phases in the model presented here, but the types of tasks in the methodology and their sequencing are probably similar.
Data Protection: Setting the Right Objectives
Recognizing where there may be problems in an organization's data protection strategy is not enough. Organizations need to understand what the right objectives for the risk management part of a data protection strategy should be. Setting the right objectives is critical, but not necessarily easy.
CA Security Council on Code Signing
Code signing certificates from publicly trusted Certification Authorities (CAs) fulfill a vital need for authentication of software distributed over the Internet in our interconnected world. The CA Security Council (CASC) is starting an education initiative around code signing. The use of code signing certificates is not as popular as using SSL certificates, but the risk might be greater. To start the initiative off, the group has posted a white paper that provides an overview of code signing, some configuration choices, and best practices.
Should You Trust the NSA?
Here's a prescient article from 2000 by Ben Rothke. The National Security Agency plays a paradoxical role in security and encryption. Since the efficacy of the NSA is largely due to its ability to decode messages, strong cryptography is clearly a major threat to that ability. Since the agency is also involved with the creation of encryption standards, several well-known security experts answer the question, "Should the NSA be trusted?"
Defining Addressing Social Media Security and Privacy Challenges
Addressing information security and privacy within business organizations has provided numerous additional challenges with recently introduced technologies and comparatively new online habits of individuals. It is important when planning to take advantage of those benefits to also know and understand the associated risks, both to privacy and to network and information security.
Recent Industry Acquisitions Highlight Need for Big Data Heuristics to Deliver the Next Generation of Security
Cisco's recent acquisition of Sourcefire, for a whopping $2.7 billion (a 78 times multiple of projected earnings) has brought a lot of attention to next-generation security. Given the huge premium, and the fact that Cisco already has its own IDS/IPS, it should be apparent that it wasn't Sourcefire's IDS/IPS technology Cisco was after. It was Sourcefire's next-generation threat detection capabilities.
Defining Enterprise and Transformation Challenges
This is an excerpt from Enterprise Dynamics Sourcebook edited by Kenneth C. Hoffman, Christopher G. Glazner, William J. Bunting, Leonard A. Wojcik, and Anne Cady.
Setting the Foundation of an Enterprise Architecture
This excerpt from Enterprise Architecture and Information Assurance: Developing a Secure Foundation by James A. Scholz looks at ten processes that are by-products of security as the foundation of an enterprise architecture.
For managers and team members alike, leadership skills are a must. The four articles in the August issue of IT Performance Improvement define leadership by exploring its characteristics. Jack Ferraro's article "Understanding Leadership" starts the issue. Stephen Andriole explains why it is important to be well-liked. Margaret Lee examines the challenges of leading virtual teams. Kerry Wills compares stewardship, ownership, and leadership.
The Role of Data Governance in an Organization
Developing an appropriate data strategy that fits the marketplace is one necessary ingredient for business success. Effective data governance reduces uncertainty and helps improve an organization's performance. An organization's ability to collect pertinent information and act on signals that others miss provides it a strategic advantage.
Just Published! Information Security Management Handbook, Sixth Edition, Volume 7
All-in-all, this is a good volume of the Information Security Management Handbook. We are working on the next, all new 7th edition now. If you would like to contribute, please contact me at 917-351-7146 or email@example.com.
Taming the "21st Century's Wild West" of Cyberspace
The world faces unprecedented risks across the Internet in what has become known as "The 21st Century's Wild West," where attacks on computer systems and networks are generally conducted with the complete anonymity and impunity for those perpetrating these acts. Establishing a robust system of monitoring, controls, and sanctions to ensure that the Internet functions as a trusted and heavily defended environment that fosters cooperation, collaboration, and commerce will have a dramatic effect on the stability, viability, and resilience of our interconnected global economy.
Cell Phone Defense
Your cellular telephone has three major security vulnerabilities: being monitored while using the phone; being turned into a microphone, even when turned off; and being cloned. This memo from the USDA explains the vulnerabilities and how they work, and also provides a list of simple defenses, the simplest being to turn off the phone and remove the battery.
Debunking the Myths about CAs and SSL Certificates
Over the years a few misconceptions about CAs and the SSL infrastructure have arisen. Despite reports and scare tactics about the collapse of the SSL/CA model, the CA Security Council (CASC) is here to set the record straight and dispel the myths of the industry. Here are nine myths and facts about CAs and SSL certificates.
An Ethics for the New (and Old) Surveillance
As the recent revelations about the NSA's Prism and Tempora programs show, new surveillance technologies and various forms of electronic location monitoring raise important social, political, and cultural questions. This chapter suggests concepts to order the rich variation the topic offers across kinds of tools for collecting personal information and across various contexts regardless of whether they involve national security, work, commerce, family, or friends.
Enabling Pain-Free SSL Certificate Management
According to a recent Certificate Management Survey conducted by Symantec, one of the most significant issues facing businesses today is the sheer number of certificates there are to manage. In fact, organizations are now managing nearly 2,000 certificates on average. One-third of companies surveyed felt that their certificate catalogue is less than somewhat accurate. The average organization ended up losing $222,000 just in the last year due to a variety of certificate-related mishaps. This article provides best practices to effectively manage SSL certificates in order to maintain positive company perception and revenue.
The July issue of IT Performance Improvement focuses on mobile security. Among the many articles are "Evolution of Mobile Threats," "Mobile Security Issues," "Effective Physical Security of a Mobile Device," and "Security for the Enterprise Mobile Device Life Cycle."
Call for Book Chapters--Cryptography: Algorithms and Implementations Using C++
The main objective of this book is not only to describe the state-of-the-art cryptographic algorithms, but also to demonstrate how they can be implemented using a programming language; i.e., C++. Generally, books that discuss cryptographic algorithms do not elaborate the implementation issues. Therefore, a gap between the understanding and the implementation remains. The motivation of this book is to seal that leakage and to educate someone in such a way that he will be capable of developing and implementing his own designed cryptographic algorithm.
Green Servers and Data Centers
This chapter describes how to green your data centers and servers by choosing green suppliers when you buy in data center services. It explains why you should start now, and discusses planning buildings, power supplies, and servers, storage, and networking.
Before You Take Your Next Trip
I don't know if you've ever read Stratfor's guidance on personal security, such as "Taming Chaos with a Personal Plan," but this new book, Personal Security: A Guide for International Travelers, provides a comprehensive approach to personal security and safety when travelling, or even while at home. To support your pre-trip preparations, this chapter, "Before You Go," maps out expert advice and lessons from real life cases to give you insights into basic planning questions.
There has been wide interest in the secure design and implementation of smart grid systems. The SCADA system is one of the most important legacy systems of the smart grid systems. In this excerpt, the authors demonstrate the challenges to secure the current automation systems, such as SCADA systems, with examples.
Wireless Network Security: An Overview
Wherever wireless networks are deployed, security vulnerability will always exist. Security attacks and vulnerabilities can only be mitigated if best practices, as well as correct policies and standards, are used. This chapter discusses some of the important and best practices that can be implemented for improving mobile and wireless security. Wireless security will continue to be a research topic as long as there are ways to attack or obtain unauthorized access to wireless networks.
Top Three Cybersecurity Game Changers Identified
We all know cybercrime is on the rise, but it will grow even faster if organizations ignore an emerging group of cybersecurity game changers: always-on connectivity, an increasingly IT-centric society, and a new class system that separates people by technology skills. The three game changers provide both motive and opportunity for cybersecurity breaches and criminal activities, especially advanced persistent threats (APT), if ignored.
Data Leakage in a Google World
We all use Google (or other search engines) to help us quickly find the data we are looking for. However, have search engines created a whole new data leakage threat? This is an analysis on how these search engines work and how it makes it easier for hackers to get your sensitive data. The authors have also provided some tips to mitigate getting your data stolen on the web.
5 Common IT Administrator Mistakes That Lead to Data Loss
Given the complexity and capacity of advanced storage devices and the criticality of organizational data, documentation and best practice implementation are critical when it comes to protecting data. Here are five of the most common IT administrator mistakes that can lead to data loss.
The Top 5 Brilliant Things the Cloud Can Deliver (If You Get Your Security Right)
Everyone has an opinion about the 'Cloud' and its effect on business - some believe it is dark and scary and fraught with unnecessary risk, while others would argue it's silver lined and the path to greater business performance and cost savings. The truth is that the Cloud undeniably has the potential to open up a whole new dimension of opportunities to businesses, but only if data security is properly addressed.
Effective Surveillance for Homeland Security: Balancing Technology and Social Issues
Since the September 11th attacks, the scientific and engineering communities have been called upon to help the world respond to security challenges. This volume focuses on challenges involving multidisciplinary problem analysis and systems engineering approaches to security. It presents a comprehensive survey of state-of-the-art methods for the surveillance and protection of citizens and critical infrastructure against both natural and deliberate threats. The first section analyzes technical issues related to surveillance. Next, the book examines legislative, organization, and management issues with a specific emphasis on privacy concerns. Finally, the contributors discuss innovative solutions and new research topics garnering heightened attention.
The Complete Book of Data Anonymization: From Planning to Implementation
Data anonymization provides a systematic and integrated approach to privacy protection that goes far beyond simple data-masking or network security from external or internal theft. Discussing the analysis, planning, set-up, and governance, this timely manual illuminates the entire process of adapting and implementing anonymization tools and programs to increase the success of privacy protection in vulnerable organizations. Providing a 360 degree view of data privacy protection, it details data anonymization patterns, automation/tool capabilities, and the key factors for success in disguising the person behind the data.
Video Series Available for Introduction to Security and Network Forensics
Bill Buchanan, author of Introduction to Security and Network Forensics, has created a series of videos to accompany the textbook. There is a video for each chapter, as well as many of the labs. Still, you really should read the book.
Overview of Data Anonymization
This is an excerpt from The Complete Book of Data Anonymization: From Planning to Implementation by Balaji Raghunathan.
IT Security's 50 Shades of Gray
It's the disparity between theoretical approaches and real-life operations that makes it necessary to approach whitelisting with pragmatism. Because right now the major problem with whitelisting is that it is very expensive from the point of view of human involvement. You can't completely eliminate that expense, but you can at least minimize it by keeping user workflows unimpeded while the decision-makers look closely into those 50 shades of gray.
Twenty Critical Security Controls, Part 3: Malware Defenses and Application Security
The first installment of this series covered the "Inventory of Authorized and Unauthorized Devices" and the "Inventory of Authorized and Unauthorized Software." The second article covered two more Controls designed to offer guidance on managing secure hardware and software configurations on a variety of devices, as well as the implementation of continuous vulnerability assessments and remediation efforts. It's time to take a closer look at Controls 5 and 6 of the CSIS 20 Critical Security Controls, which deal with malware defenses and application security, respectively.
Twenty Critical Security Controls, Part 2: Configurations and Vulnerability Assessments
The Center for Strategic and International Studies (CSIS) recently released Version 4 of the Twenty Critical Security Controls. The critical controls identified by the workgroup focus on four basic tenets. This article looks at two more Controls designed to offer guidance on managing secure hardware and software configurations on a variety of devices, as well as implementing continuous vulnerability assessments and remediation efforts.
Twenty Critical Security Controls: Part 1
The Center for Strategic and International Studies (CSIS) recently released Version 4 of the Twenty Critical Security Controls. The critical controls identified by the workgroup focus on four basic tenets. This series of three articles is intended to highlight the specific requirements you need to understand, and can later be used as a checklist.
Verizon's 2013 Data Breach Investigations Report
"This year's DBIR combines the expertise of 19 organizations from around the globe. Download the report to discover stats that might surprise you, from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach. By knowing today's threats, you can better protect your organization tomorrow."
What Security Managers Can Learn from Brazil: Frontline in the Global Cyber Wars
Brazil is now the number one country in the world for the use of banking malware. The high levels of e-commerce in Europe and the low levels of security often involved suggest that this is likely to be a prime target for Brazilian cyber criminals, and the organizations that buy the data they steal.
Android Security: Attacks and Defenses
Starting with an introduction to Android architecture and applications, this book covers security features and issues specific to Android (platform and applications), including possible attacks and means to prevent them. Authors Anmol Misra and Abhishek Dubey describe mobile devices pen-testing methodology and techniques for DLP (Data Leak Prevention). They also discuss advanced topics including reverse engineering and forensics, malware analysis, secure coding and hardening guidelines for Android, and how to perform threat modeling for Android mobile devices/applications and incorporate them into enterprise SDLC processes.
Symantec Internet Security Threat Report Reveals Increase in Cyberespionage
Symantec's Internet Security Threat Report, Volume 18 (ISTR) today revealed a 42 percent surge during 2012 in targeted attacks compared to the prior year. Designed to steal intellectual property, these targeted cyberespionage attacks are increasingly hitting the manufacturing sector as well as small businesses, which are the target of 31 percent of these attacks. Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via "watering hole" techniques. In addition, consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform.
How Cybercriminals Are Exploiting Bitcoin and Other Virtual Currencies
Here is a detailed analysis from Jaime Blasco, Labs Director at AlienVault, regarding the virtual currency, Bitcoin, and how cybercriminals are exploiting this currency.
Authentication: The Text Factor
Lars Nielsen of SMS PASSCODE explains why multi-factor authentication is moving from traditional token-based preset codes to real-time connected and mobile systems, and the provisioning and security benefits this offers.
System State Intelligence and the Intrusion Kill Chain
In kill chain analysis, an attacker has to progress through stages before they achieve their objective, and it takes just one successful mitigation effort to thwart the attacker. SSI can increase the timeliness and accuracy of security incident detection efforts and increase the overall effectiveness of all network security tools.
Segmentation and the Private Cloud
From a security perspective, you have to consider how you want to physically segment your network. Cloud computing pushes the economy of scale, and that is typically achieved by setting up a single virtual cluster for all your computing needs. However, security requirements might dictate a different agenda of pooling your computing and storage resources. It might also drive your decision making around firewall technology, and where to draw the physical fences versus virtual ones. This is an excerpt from Securing Cloud and Mobility: A Practitioner's Guide by Ian Lim, E. Coleen Coolidge, and Paul Hourani.
The CISO as the Man-in-the-Middle
The CISO has become the new Man-in-the-Middle, increasingly caught between the Executive World where he must effectively connect security to the business, and the more familiar Technical World where the CISO must continue to effectively communicate in terms of controls and benchmarks.
Combating Cyber-Attacks Against the Financial Community
News media in the U.S. are abuzz with stories about cyber-attacks on top banks as financial institutions emerge as the prime targets of cyber-criminals. Reports suggest that since September 2012, cyber-attacks on bank networks have exploded. Cyber-criminals are now siphoning off login credentials of employees and administrative passwords of IT resources, using techniques that include spam and phishing emails, keystroke loggers, and Remote Access Trojans (RAT). Bolstering internal controls as detailed in this article will ensure that privileged identities will not be compromised, even if a hacker manages to penetrate the perimeter. Similarly, they will mitigate threats due to attacks by malicious insiders.
Cyber Security Challenges in 2013
This article discusses the three key cyber security challenges for this year: an increase in exploit kits, an increase in mobile device cyber-security threats, and an increase in the sophistication of threats. It then outlines how businesses can combat these attacks, providing useful security tips.
Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0
Compliance standards, of which there are many, can be and should be used as a guide to write comprehensive and effective security policies. Many standards cover much of the same topics, but state the requirements in a slightly different way. This book provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control. It supplies a way to address the regulatory requirements of the organization by writing policy statements that address these requirements.
The Next Cybersecurity Threat Cycle Is Here. Are You Prepared?
The first PC viruses appeared more than 25 years ago. Little did we realize that this was just the beginning of what would become a series of threat waves. Today, we find ourselves combatting advanced malware, targeted attacks and advanced persistent threats (APTs). This article discusses how you can raise your game to defeat this new class of attackers.
The Hunt for Red October: 2013's Sequel
The recent "Red October" wave of concerted cyber assaults demonstrates that social engineering is by far the most potent tool in the hacker's arsenal. These attacks occur nearly every day and are often successful, regardless of technical controls and countermeasures deployed within corporate networks. This article discusses the attacks and the ways in which your enterprise can protect its assets.
Handbook of SCADA and Control Systems Security
The availability and security of many services we rely upon are routinely put at risk by cyber threats. This new book outlines security concepts, methodologies, and relevant information pertaining to SCADA systems and technology that quietly operate in the background of utility and industrial facilities worldwide. The book supplies information for securing industrial automation/process control systems as part of a critical infrastructure protection program. The authors present a best practices approach to securing business management environments at the strategic, tactical, and operational levels.
How a Simple Storyboard Helps Command Attention and Get Results (Virtually)
You're in the process of designing your presentation and creating your meeting agenda. Since you will be leading the meeting from a conference room with several of the senior leaders, with others participating from various locations, you know that a critical success factor will be keeping everyone absorbed, engaged and enthusiastically participating in a productive dialogue. In the article, Nancy Settle-Murphy and Sheryl Lindsell-Roberts offer practical approaches for presenting important recommendations that grab and keep peoples' attention, wherever they are.
Check out Nancy's new book, Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results
Why One-Size-Fits-All Web Content Filtering Doesn't Work: Setting New Web Access Policies with Next-Generation Web Filters
The Internet is an essential tool, but it also presents risks to productivity, e-safety and network security. Web filtering provides powerful tools to address these issues, but taking a "one-size-fits-all" approach isn't enough to meet the dynamic and diverse needs of most organizations. Instead, a genuine real-time Web filtering solution is needed to ensure categorization and filtering of Web page content keeps up to date with the ever-growing Internet.
Is DNA Really Personally Identifiable Information (PII)? No. Maybe? Yes!
Biometric data is at the limits of what current personal data privacy laws consider worthy of protection. This type of identifier covers fingerprints, voiceprints, and facial images. While the risk factors are not nearly as threatening to consumers as more traditional PII, they do exist. Until recently, the dangers of biometric identification using DNA were more theoretical than real. That has suddenly changed. This article looks at the risk factors of biometric identification using DNA.
Virtualization Needs Physical Consideration
Why do people seem all too happy to do things in the virtual world they would never dream of doing in the real world? Organizations are happy to hand over bunches of keys that open every sensitive file and expose the softer underbelly of the network. Why do they do that? This article, written by Andrew Avanessian, Avecto's VP of Professional Services, explores this and offers a virtual solution to the physical problems.
Effective Physical Security of a Mobile Device
This article explores the idea that it is impossible to provide effective physical security of a mobile device while using today's technology and training practices. It discusses current mobile security technologies, and their limitations, and presents potential new future to solve the problems. Finally, it proposes a solution that utilizes many different aspects of security measures to provide the best protection.
Demystifying the Black Art of Keeping Data Secure: Enterprise Key and Certificate Management
Given the proliferation of valuable and often regulated information, organizations strive to carefully conceal it behind the best security technologies available. However, data remains only as secure as the encryption keys and certificates that safeguard it. And here lies the problem: enterprise key and certificate management (EKCM) is extremely complex. With hundreds of different companies providing these services, and even variable technologies used internally within organisations, EKCM is considered by those working in the IT space as a black art. Venafi's EMEA Director Calum MacLeod takes a closer look at what's needed to master this discipline.
Building Trust Calls for Different Approaches Across Different Cultures
This article, the first of a series, focuses on how different attributes, behaviors and attitudes are seen as trustworthy (or not) by a handful of cultures. Although it's true that all people deserve to be treated as individuals, virtual team leaders can accelerate the process of building trust across their teams by understanding certain patterns of behaviors within cultures.
6 Next-Generation Firewall Policy Tips to Secure the Perimeter in the Application Age
This article explains why you need to understand what applications are needed by what users and provide access without slowing down business productivity and without opening security gaps for data leakage or malware. It also provides six next-gen firewall policy tips to secure the perimeter in the 'application age.'
2013 Predictions Countdown from Infosecurity Europe
It's the time of year again when IT security experts predict what the next year will bring. Here are some predictions and trends that Infosecurity Europe exhibitors expect to see in 2013.
Data Leakage: This Time It's Personal
Almost daily the media report of confidential information being disposed of in park bins, laptops being found in taxis, and passwords being published on the Internet. While this is undoubtedly concerning, the findings from a global security study on data leakage have revealed that the data loss resulting from employee behaviour poses a much more extensive threat than many IT professionals believe. Here are some steps you can take to tackle data leakage.
How to Get Promoted in IT Security
It's hard enough these days to get a job. Getting promoted once you're there is even harder. This article highlights four areas that will help you get ahead.
Is Your Company Fair Game for a Spear Phishing Attack?
This article from PhishMe looks at how to spot and protect against spear phishing attacks. After explaining what spear phishing is, it provides tips about what sort of things in emails should raise a red flag, both in terms of the sender and the content, and recommendations for the procedures that companies and employees should follow.
Data Protection: One for All and All for One?
This article by Joanne Rogers of CS Risk Management looks at how the proposed Data Protection Regulation has ruffled feathers, focusing on the implications for businesses and what an increase in potential fines will mean. An updated law that takes the increasing challenges of data security into account is long overdue, but will the potential benefits of the new regulation outweigh the perceived burdens?
8 Great Year-Round (Free!) Gifts Everyone on Your Team is Guaranteed to Love
So with all this talk of giving, Nancy Settle-Murphy got to thinking: How can we offer meaningful gifts to those we work with, especially those who are far away? And not just for holidays or birthdays or when we've achieved certain milestones - but on a regular basis, as a routine part of how we work together. How can we invoke this spirit of giving in such a way that it becomes second-nature? Here are some gift ideas that will strike a chord with team members near and far. They require very little extra time, and for the most part, they don't cost you a dime.
Check out Nancy's new book, Leading Effective Virtual Teams: Overcoming Time and Distance to Achieve Exceptional Results
Generation Tech: Young, Gifted but a Long Way from Bad
Young employees take more risks with software. This doesn't have to be a problem. From the point of view of traditional, centralized IT, BYOD and consumer software are inherently difficult to assimilate. Admins are instinctively wary, and with good reason. In conventional IT, the users are the source of most problems, starting with the misuse of software. But here's an intriguing thought: far from being negative and risky, perhaps the way Generation Y adopts new applications could have long-term benefits if a way can be found to accommodate the behaviour.
Social Networking: #Friend or #Foe
Social media can be a powerful business tool, but hackers are finding increasingly sophisticated ways to exploit our online relationships. This article by Joanne Rogers of CS Risk Management examines the many potential benefits and risks, and discusses what should be the key considerations for your enterprise when utilizing social media.
Windows Networking Tools: The Complete Guide to Management, Troubleshooting, and Security
This book discusses how built-in and third-party networking tools can be used to diagnose network problems and performance issues as well as enhance the security of computer systems. The author covers a variety of networking tools and demonstrates how they can be used to determine ahead of time whether or not existing Internet connectivity can support such activities as voice and video over IP, while coverage of other tools shows readers how to prevent keyboard hacking and negate the operation of unwanted advertisement trackers through checking for and eliminating different types of attack software.
Tapping the Quiet Power of Introverts in a Virtual World
In this article, Nancy Settle-Murphy explores ways that virtual team leaders can learn how to take advantage of the quiet power and special strengths of the introverts on their teams, instead of trying to make their introverts conform to the "extrovert ideal."
May the (En)Force(ment) Be With You: Security Lessons from Star Wars
From applying security policies to DLP and effective user authentication, there are many infosecurity lessons to be learned from the classic space opera. Terry Greer-King, Check Point's UK managing director, shows how companies can avoid the Empire's mistakes.
Symantec October Intelligence Report
Symantec released its October Intelligence Report. The report investigates a new social networking scam that leverages Instagram to gather personal details and get users to sign up for premium-rate mobile services, among other things. The report also tracks a more than 10% drop in the global spam rate (from 75% of email traffic in September to 64.8% in October), and examines some of the possible reasons for the sudden drop.
Privacy Compliance Laws: Why the European Commission Has Finally Got It Right
The debate about privacy compliance has always been a heated one. Add to the mix new European Commission legislation and you have a recipe for not only a lively debate but also a controversy about the interference in privacy of a European bureaucracy. This article concentrates on examining the stances that have been taken, their validity and, more importantly, what an enterprise needs to do as it turns from merely talking shop to setting and implementing concrete policies on privacy.
Symantec Releases Its Security Predictions for 2013
Symantec released its security predictions for 2013 today. One of the key forecasts is that ransomware will surpass fake AV as the premier cybercrime strategy in the coming year. Additional predictions are that conflicts between nations, organizations and individuals will predominantly take place in the cyber world; that as users shift to mobile and cloud, so will attackers, especially by exploiting Secure Sockets Layer (SSL) certificates used by mobile devices and applications; that madware will continue to spike, particularly as companies seek to drive mobile ad revenue; and that consumers will face new security dangers and tricks on social networks.
Auerbach Information Management Service Archives Online with FREE Access
For years, the Auerbach Information Management Service (AIMS) was the go-to resource for IT professionals of all stripes. Now, we've completed the first step in the process of putting the archives online, starting with Data Security Management. Other volumes will be online soon, so stay tuned.
Introduction to the Smart Grid
Our current grid system is quickly becoming obsolete. One solution to this problem is smart grid. Smart grids will be able to efficiently handle our increasing energy demands and reduce the environmental impact by incorporating renewable resources. This chapter discusses what smart grids are and the technology they use, and provides case studies of early implementations.
Privacy Professor Tips of the Month
Rebecca Herold, author of several Auerbach books and co-editor of the Encyclopedia of Information Assurance, publishes a monthly newsletter of "Privacy Professor Tips of the Month." Here's a link to all of the monthly Privacy Professor Tips to date.