Site Map - IT Security

Cyberpros on the March

- The number of security professionals will nearly double, rising to 2.1 million by 2008, predicts the International Information Systems Security Certification Consortium, or (ISC)2. The rate of growth will vary by region, however, according to the group's Global Information Security Workforce Study. For example, growth of about 12 percent annually is anticipated in the Americas, while growth of about 18.3 percent is expected in the Asia/Pacific region. The study, conducted by market intelligence firm IDC, was based on a questionnaire filled out by 5,371 respondents from more than 80 countries.

Cybercrime Flourishes as the U.S. Government Fails to Respond

- A new investigative report says the U.S. government is short-changing its cybersecurity efforts while cybercrime costs U.S. businesses $67.2 billion annually.

Hardening Windows Systems

- Does a week ever go by without a major Windows vulnerability coming to light? It is evident that, prior to Windows XP Service Pack 2, the operating system was geared to file and printer sharing, not security. Among security professionals, the common view is that the best way to secure Windows is to use a more secure operating system such as Linux.

Cooperation, Not Convergence

- Amit Yoran, who served as director of the National Cyber Security Division in the Department of Homeland Security until he stepped down late last year, has some unconventional views on how IT and physical/operational security departments should be structured in the corporate world. "Tech Talk" recently talked with him about those views.

New in Plaintext

- Know Cyber Risk by Managing Your IT Security is a new book by James P. Litchko and Al Payne, CISSP. The short book (only 160 pages) is written so that even the most technophobic manager can understand how, for example, to calculate a quantitative annual loss estimate for IT systems. The estimate, the book explains, "is the potential loss in dollars per year from attacks by a threat against a vulnerability."

Worth a Look

- A portable security appliance from Red Cannon Security, which produces endpoint security products, may answer these mobile concerns. The Fireball KeyPoint is a USB token that provides a host of security tools to help ensure that information entered remotely, whether in an airport kiosk, at the local Kinko's, or in a hotel business center, is kept confidential.

CUL8R, Dude

- Resources on threats to instant messaging, a portable security device is tested, Amit Yoran discourages convergence, and more.

iPods Sing for Investigators

- Classes: Vermont's Champlain College; George Washington Univ. PDAs: NIST Report; Computer Forensics Tool Testing Web Site. Other sources: High Technology Crime Investigation Association (HTCIA); International Association of Computer Investigative Specialists (IACIS); FBI's InfraGard.

A Site to See

- The verb "hack" did not start out as a pejorative. In its original sense, it simply meant pushing a piece of hardware or software beyond its intended capabilities, to make it do something it was not designed to do. A personal blog by Ed Felten, a Princeton University computer science professor, called Freedom to Tinker, explores this controversial intersection in regular missives ranging from the use of P2P to what he terms "the weird Orwellian language" of digital-rights-management vendors. Felten's blog is this month's A Site to See.

CUL8R, Dude

- If you had no problem understanding that headline (it decodes as "see you later, dude"), you're one of those initiated into the world of instant messaging (IM). And you're a potential source of threats to the corporate network if you use IM at work. But IT personnel now have some new resources to help mitigate threats to the network created by IM or peer-to-peer (P2P) communications. One is a Web site of current threat and vulnerability information sponsored by FaceTime Communications, a provider of tools that secure IM and P2P networks. The information on the Web site comes from the FaceTime Instant Response Security Team (FIRST), which is a group of security pros dedicated to collecting information on new threats and vulnerabilities and then finding ways to mitigate these. Another resource is the IMLogic Threat Center, created by IMLogic, which makes software products that help enterprises manage corporate IM usage. Like FIRST, the Threat Center offers a knowledge base of IM and P2P viruses and worms, and has partnerships with IM vendors and antivirus companies. Much of this knowledge base comes from a honeypot infrastructure designed to catch IM and P2P threats.

Bush Pushes to Redirect Funds into Cybersecurity

- President Bush is asking Congress to redirect $152 million to shore up cybersecurity vulnerabilities at government agencies.

From Bluetooth to RedFang

- The boom in Bluetooth wireless devices is a boon for mobility, but attackers are already eyeing vulnerabilities.

Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.