INFORMATION

Site Map - IT

Enhancing Computer Security with Smart Technology

- The goal of the book is to show how to use “smart technology” (which, regrettably, the authors never define) to enhance computer security.

DHS Computers Hacked

- Dozens of computers compromised.

Quick Bytes: Encrypting data at rest

- Pressure to comply with regulatory efforts such as Sarbanes-Oxley and Gramm-Leach-Bliley is the key driver of enterprisewide encryption efforts, according to security professionals at 112 financial services companies surveyed by InfoTech, yet just over half of those surveyed said that encryption of data at rest is “a high priority for their organizations.” Less than a third said they think their firms are doing “an adequate job of encrypting data at rest.” Fifty-seven percent plan new encryption efforts in the near future. @ More results from Enterprise Encryption in the Financial Services Sector are available at SM Online.

Laptop Lessons Learned?

- Who’s responsible for restoring the Web after disruption? Also, advice on laptop security, a book on corporate blogs, and slow compliance with the PCI data security standard.

Who Owns the Net?

- Who’s responsible for restoring the Web after disruption? Also, advice on laptop security, a book on corporate blogs, and slow compliance with the PCI data security standard.

Who Owns the Net?

- The Business Roundtable recommends that the private sector take responsibility for fixing weaknesses in key Internet assets.

Security and Usability: Designing Secure Systems That People Can Use

- The six major parts of the book all have their enlightening moments, whether discussing authentication mechanisms or privacy and anonymity.

Anti-Spam Toolkit

- The book is ideal for system administrators tasked with evaluating antispam products for their organizations, but there is something for every level of user.

New in Plaintext

- The book is best browsed through in front of a computer, because you’ll be eagerly visiting the Web sites he writes about and trying the software and tactics he describes. Many of the latter I had never heard of. For instance, in a chapter on how to work around censorship (government or corporate) of Web sites, he describes how to access banned Web pages by having them e-mailed to you. No special software is required; just send an e-mail containing the URL of the Web site you want to see to a certain e-mail address, and the full site will be sent back to you inside a return message.

Getting Ahead in IT

- If you are an IT security professional or are interested in becoming one, you’ll find a new career guide issued by (ISC)² to be a helpful resource. The guide describes the types of jobs available (including typical job titles) and explores the various areas of expertise within information security, as well as educational requirements, technical skills needed, salary ranges, and the certifications that can help you advance your career. The guide also includes a list of schools offering IT security curricula and relevant professional associations. @ Career Guide: Decoding the Information Security Profession is at SM Online.

Quick Bytes: Unsafe workers.

- Seventeen percent of employees have launched a hacking tool or keystroke-logging software on their network in the past year, an increase from 12 percent the year before. That’s no surprise given that 47 percent of the 351 IT decision-makers interviewed by Websense said employees who received phishing e-mails clicked on the link they found in the message, while a third of those interviewed admitted that they don’t block executables in e-mails. The annual Web@Work survey interviewed 351 information technology managers from U.S. companies of all sizes. @ More results of the survey are at SM Online.

Quick Bytes: Cybersecurity framework

- The National Science and Technology Council has released the Federal Plan for Cyber Security and Information Assurance Research and Development. The plan provides “baseline information and a technical framework for coordinated multiagency R&D in cyber security and information assurance.” It covers vulnerabilities, threats, and risk, and provides technical perspectives on subjects ranging from authentication and access control to wireless to software testing and assessment tools. An appendix provides roles and responsibilities of the members of the working group that created the report. @ The Report is at SM Online.




