INFORMATION

Site Map - IT Security

Quick Bytes: IRS fails audit.

- The Internal Revenue Service (IRS) has submitted to the Department of the Treasury and the Office of Management and Budget (OMB) "inaccurate and misleading" information about the state of its information-security programs, according to a report prepared by an assistant inspector general for audit with the Department of the Treasury, who undertook a review of the IRS's process for monitoring its program- and system-level security weaknesses. @ Go to SM Online for more on the report.

IRS fails audit.

- The Internal Revenue Service (IRS) has submitted to the Department of the Treasury and the Office of Management and Budget (OMB) "inaccurate and misleading" information about the state of its information-security programs, according to a report prepared by an assistant inspector general for audit with the Department of the Treasury, who undertook a review of the IRS's process for monitoring its program- and system-level security weaknesses. @ Go to SM Online for more on the report.

The 39 Steps to IT Security

- The IT Governance Institute (ITGI) has released a downloadable publication to help executives prevent data loss resulting from viruses, hacks, or theft. The paper, aimed at senior executives, offers a host of questions that senior executives need to ask about their company's IT. @ Get the documents at SM Online.

DEFINING MOMENTS

- Test your knowledge of tech terms. Pour a quart of juice into an eight-ounce glass and most of the juice will end up on the counter. Similarly, when more information comes into a computer program’s temporary data-storage area than was meant to fit, some of that data will spill over and could corrupt or even overwrite the data in adjoining areas. Savvy attackers use this flaw to gain access to systems or destroy data. What are these attacks called? Hint: The first word rhymes with slang for golfer; to get the second word, think of what happens to the juice in the eight-ounce glass. Answer: Buffer Overflow

Quick Bytes: Government report card

- It's government IT security grade time again, and as always, the news is not good. Seven agencies received a grade of F, including two (Commerce and Veterans Affairs) that respectively had a C- and a C in 2003. But there were improvements. The Agency for International Development received an A+, and the Department of Justice jumped from an F to a B-. @ The scorecard is available through SM Online.

Worth a Look

- One of the most ballyhooed differences is security; IE has been famously prone to flaws, while Firefox has remained largely outside of the virus and worm threatscape in part because it has fewer flaws and in part because it has fewer users and is not yet attracting the attention of hackers. That’s subject to change, of course, as more people adopt it.

Government report card.

- It's government IT security grade time again, and as always, the news is not good. Seven agencies received a grade of F, including two (Commerce and Veterans Affairs) that respectively had a C- and a C in 2003. But there were improvements. The Agency for International Development received an A+, and the Department of Justice jumped from an F to a B-. @ The scorecard is available through SM Online.

Worth a Look.

- One of the most ballyhooed differences is security; IE has been famously prone to flaws, while Firefox has remained largely outside of the virus and worm threatscape in part because it has fewer flaws and in part because it has fewer users and is not yet attracting the attention of hackers. That's subject to change, of course, as more people adopt it. Firefox has some differences that truly make it more secure, however. For example, it doesn't automatically load ActiveX controls, tiny programs that have been the cause of many of IE's security holes. Pros. Better security and the ability to precisely customize it to your wants and needs make Firefox a pleasure to use. Cons. Since Firefox doesn't automatically load ActiveX controls, there are some pages that simply won't load in the browser, or won't work properly. For these pages, you'll have to open IE. Where to get one? The browser is available for free from Mozilla's Web site.

DEFINING MOMENTS

- It might seem odd to dedicate network resources to actually try to attract hackers, but that’s exactly what these servers, attached to the Internet, do.

Worth a Look

- A new portable storage device called Outbacker by Memory Expert International (MXI) is a bit bigger than a flash drive—it’s about the size of a deck of cards—but it makes up for its size with an incredible 20 GB of storage space (a model with twice as much storage is also available).

Making a Federal Case of IT Security

- The federal government needs to play a greater role in protecting the IT infrastructure of the United States, according to two recent reports. The first report, from the President’s Information Technology Advisory Committee (PITAC), a group of independent experts appointed by the president to provide advice on IT issues, warns that the nation’s IT infrastructure “is highly vulnerable to attack.”

When Good Software Goes Bad

- Why it’s so hard to create secure software, how to hack Google, Sarbanes Oxley costs, a secure and portable storage device, and more from the digital world

Making a Federal Case of IT Security

- The federal government needs to play a greater role in protecting the IT infrastructure of the United States, according to two recent reports. The first report, from the President’s Information Technology Advisory Committee (PITAC), a group of independent experts appointed by the president to provide advice on IT issues, warns that the nation’s IT infrastructure “is highly vulnerable to attack.” Read the PITAC report, Cyber Security: A Crisis of Prioritization, and the CRS report, Creating a National Framework for Cybersecurity.
 



