INFORMATION

Site Map - Cybersecurity

Delete, Now Erase

More Compliance, Less Security?

- Can regulatory compliance be reducing security? Plus, guidelines on media sanitization, more devious virus attacks, and quarantining mobile devices.

A Site To See

- Every day, analysts and security experts—all volunteers—from the SANS Internet Storm Center dissect the latest threats, monitor for Web-based “storms” such as virus or worm outbreaks, and dig through sanitized intrusion-detection and firewall logs sent in from people around the world. The incident “handlers” at the Internet Storm Center maintain a regular diary of security incidents and information, from how and where to submit tips about child pornography to details and screenshots of the latest phishing attempts. The site also includes lots of graphics showing, for example, the most targeted ports or where in the world most port scans originate. It’s this month’s A Site to See. @ Get to the Internet Storm Center via SM Online.

Does SSL Lock Trouble In?

- SSL traffic is all but invisible to an enterprise, according to a survey of 319 IT security and networking professionals by Blue Coat Systems. More than 72 percent said they had no way to look inside SSL traffic, a situation that nearly 90 percent of the respondents said was risky, particularly as it can pass through firewalls unseen and untouched. @ Highlights from the survey are at SM Online.

Old problems remain unsolved

- Half of 218 companies surveyed admitted that they had active user accounts belonging to former employees (an increase of 6 percent from 2004); nearly a quarter identified unauthorized personnel with administrator rights (a 4 percent increase); and more than half had worms compromise their networks. If there was a bright spot in the 2006 Mazu Networks Internal Threat Report, it was that 71 percent of worm infections were remediated in less than 24 hours. The IT professionals who responded to the survey came from 18 industries and government agencies. @ The full report is at SM Online.

More Compliance, Less Security

- Threats to your computer can range from gnatlike annoyances such as pop-up ads to the pointed hooks
- The Forsythe survey notes that 28 percent of the respondents had little or no confidence that they had detected all significant security breaches in the past year; even more alarming was that a similar number rated their current IT environment as more vulnerable than a year before. That, says John Kiser, CEO of Gray Hat Research Corporation, may be a sign that time or money spent by IT professionals on ensuring compliance to top management are resources taken away from other crucial security tasks.

What Are Your Weaknesses?

- The first step that a company can and should take along the road to better data security is to conduct a formal IT assessment.

P2P Dangers Growing

- More than doubling in three years, P2P use is an increasingly dangerous means of sending confidential information.

Tech Talk From Microsoft — How to Use the TechNet Security Center

- This is the first in a series of four pieces that will highlight resources available from Microsoft. ASIS International is partnering with Microsoft to help raise IT awareness among its security professional membership.

Essential Computer Security

- The Essential Computer Security: Everyone’s Guide to Email, Internet, and Wireless Security can serve as the owner’s manual for anyone serious about ensuring the security of their computer and the data contained therein.

Behind the Numbers: Image Spam Fades in 2007

Paying Up for Retail Privacy

- A study in which participants were given money to spend online found that they would pay more at a site with better privacy.

Numbers

- Cyberthreats detected last year that were Trojan horse programs.