Site Map - IT Security

Worth a Look

- The problem is that reusable passwords do not provide true security. Biometrics offers a more secure option, and new products are making it a more viable one as well. For example, Silex Technology, Inc., recently released its Combo-Mini, a small plastic device that connects to a computer's USB port. The three-inch-long Mini features a sliding plastic cover over a small fingerprint sensor. The system software comes on a CD and installs in about ten minutes; a USB extension cable is included in the package.

DHS Cybersecurity

- The Department of Homeland Security (DHS) has made many improvements in its information security program, according to the agency's Inspector General (IG). However, he notes in a new report that the agency still lacks "an accurate and complete system inventory."

Keystroke Loggers Catch a Break

- Key logging gets its day in court, a portable fingerprint device protects corporate networks, the rising tide of infosec professionals, plus more.

Spam, phishing stats

- According to statistics released by MessageLabs, a managed e-mail security services provider that scans e-mail for its clients, 73.2 percent of the messages it scanned in 2004 were spam. Of the 147 billion e-mails it scanned, it found that 1 in 16 contained a virus (MyDoom ranked first). And more than 18 million phishing e-mails were intercepted, from a low of 337,050 in January to 4,522,495 in November, jumping nearly tenfold between June and July. MessageLabs Intelligence Annual E-mail Security Report 2004 is available through SM Online.

Government-eye view

- Government IT managers spend three hours each day completing information security compliance reports, according to research from Intelligent Decisions, a systems integrator that interviewed more than two dozen government security professionals. But patch management tops their list of concerns. More from Federal Information Security Officer Survey Results is at SM Online.

Spyware Bill Reintroduced

- Rep. Mary Bono (R-CA) has reintroduced a bill that would require that consumers receive "a clear and conspicuous notice" prior to software being loaded onto their computers. H.R. 29, titled the Securely Protect Yourself Against Cyber Trespass Act (SPY Act), is cosponsored by lawmakers from both sides of the aisle. It was first introduced in 2004 and passed the House in October. However, the bill was not passed by the Senate before the end of the 108th Congress. The SPY Act is meant to protect consumers from spyware: programs that are surreptitiously loaded onto a computer and can track and gather the consumer's data, including which sites were visited or even sensitive information such as credit card numbers. The Federal Trade Commission would be responsible for enforcing the SPY Act and would be authorized to fine offenders as much as $3 million per violation.

A Site to See

- Stories about IT security pass from fact to hyperbole all too quickly when vendors or government officials focus on the dramatic rather than the factual elements of an anecdote. How to separate the truthful from the fanciful? Noted IT security guru Mich Kabay, associate professor of information assurance at Norwich University, has created a database of more than 5,000 "interesting or significant events" related to IT security going back to 1995. The events, cataloged both in PDF format and MS Access, are classified using a taxonomy of hundreds of keywords on topics ranging from identity theft to virus hoaxes. You'll probably find the perfect IT story to illustrate your next presentation. Just point your browser to to link to the database, this month's A Site to See.

Cyberpros on the March

- The number of security professionals will nearly double, rising to 2.1 million by 2008, predicts the International Information Systems Security Certification Consortium, or (ISC)². The rate of growth will vary by region, however, according to the group's Global Information Security Workforce Study. For example, growth of about 12 percent annually is anticipated in the Americas, while growth of about 18.3 percent is expected in the Asia/Pacific region. The study, conducted by market intelligence firm IDC, was based on a questionnaire filled out by 5,371 respondents from more than 80 countries.

Cybercrime Flourishes as the U.S. Government Fails to Respond

- A new investigative report says the U.S. government is short-changing its cybersecurity efforts while cybercrime costs U.S. businesses $67.2 billion annually.

Hardening Windows Systems

- Does a week ever go by without a major Windows vulnerability coming to light? It is evident that, prior to Windows XP Service Pack 2, the operating system was geared to file and printer sharing, not security. Among security professionals, the common view is that the best way to secure Windows is to use a more secure operating system such as Linux.

Cooperation, Not Convergence

- Amit Yoran, who served as director of the National Cyber Security Division in the Department of Homeland Security until he stepped down late last year, has some unconventional views on how IT and physical/operational security departments should be structured in the corporate world. "Tech Talk" recently talked with him about those views.

New in Plaintext

- Know Cyber Risk by Managing Your IT Security is a new book by James P. Litchko and Al Payne, CISSP. The short book (only 160 pages) is written so that even the most technophobic manager can understand how, for example, to calculate a quantitative annual loss estimate for IT systems. The estimate, the book explains, "is the potential loss in dollars per year from attacks by a threat against a vulnerability.

Worth a Look

- A portable security appliance from Red Cannon Security, which produces endpoint security products, may answer these mobile concerns. The Fireball KeyPoint is a USB token that provides a host of security tools to help ensure that information entered remotely, whether in an airport kiosk, at the local Kinko's, or in a hotel business center, is kept confidential.

Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.