Site Map - IT

Quick Bytes: Cybersecurity framework

- The National Science and Technology Council has released the Federal Plan for Cyber Security and Information Assurance Research and Development. The plan provides “baseline information and a technical framework for coordinated multiagency R&D in cyber security and information assurance.” It covers vulnerabilities, threats, and risk, and provides technical perspectives on subjects ranging from authentication and access control to wireless to software testing and assessment tools. An appendix provides roles and responsibilities of the members of the working group that created the report. @ The report is at SM Online.

Growing Threat to Online Applications

- Wireless continuity between access points, Web 2.0 under increasing attack, local weather updates, and more

Getting Ahead in IT

- If you are an IT security professional or are interested in becoming one, you’ll find a new career guide issued by (ISC)2 to be a helpful resource. The guide describes the types of jobs available (including typical job titles) and explores the various areas of expertise within information security, as well as educational requirements, technical skills needed, salary ranges, and the certifications that can help you advance your career. The guide also includes a list of schools offering IT security curricula and relevant professional associations. @ Career Guide: Decoding the Information Security Profession is at SM Online.


- Specific measures aimed at preventing data breaches are delineated in this GAO report.

Software Threats

- The annual Web@Work survey finds that employees launch hacking tool software on their network when clicking on nefarious links.

IT Guide

- A comprehensive guide from NIST tells how to set up an information security program.

Protect Your Windows Network: From Perimeter to Data

- What makes Protect Your Windows Network: From Perimeter to Data distinctive is that it not only suggests ways to secure your Windows workstation and network but also takes a much broader approach to security, showing you how to address the issue of securing systems as a whole. This panoptic approach to securing systems is quite refreshing, and it makes the book a fascinating read.

Computer Evidence: Collection & Preservation

- Deftly, the author ties established forensics principles, developed for physical crimes like murder, to the new field of computer forensics. He explains Locard’s exchange principle, which states that any criminal activity involves an exchange between the criminal and the victim or the crime scene. Fingerprints, hair, fibers, or DNA get left behind, as do digital clues lurking in slack space or swap files.

Worth a Look: Computer on a Stick

- COS is a USB token with an entire Linux operating system on it as well as a host of handy applications, including an e-mail client, the Firefox Web browser, and a PDF creator and viewer.

Security Breaches More Severe

- Although the number of organizations hit by security breaches has decreased, the severity of the breaches has shown a marked increase.

A Site To See

- If you are a wireless user, you need to know just how many tools are available to compromise wireless networks. highlights tools such as Hotspotter, which acts like a wireless hotspot so that anyone trying to connect to a legitimate network at, say, Starbucks will attach to the attacker’s access point instead. The tools can be downloaded from the Web site along with detailed tutorials—in some cases, step-by-step Flash presentations that walk users through programs that break wireless encryption protocols or that can crack passwords. The need for information on how wireless networks can be vulnerable makes A Site to See. @ Get there via SM Online.

Data Rivers Overflowing

- With the hurricane season underway—and with memories of last year’s catastrophes still fresh in mind—businesses in areas that are likely to be affected by summer storms are doing whatever they can to secure their premises from damage or destruction. But what about digital assets? The Florida Chamber of Commerce is helping Florida businesses to ensure that their e-mail traffic keeps flowing throughout hurricane season, even if flood waters shut down mail servers. The Digital Disaster Preparedness service is being offered for free by AppRiver, LLC, a Gulf Breeze, Florida-based company that provides e-mail security services. The company will monitor the mail servers of Florida companies that have an Internet domain name and have signed up for the service via the Florida Chamber of Commerce or AppRiver Web sites. If bad weather hits and a company’s mail server goes down, AppRiver will reroute incoming messages to its own data centers in Texas, Virginia, and England until the damaged servers are back up, or until the company asks for the mail to be redirected (messages can be made available online if requested). Spam and virus filtering are included. The free service runs through October 31. @ Point your browser to SM Online to link to these two sites, where you can sign up for the Digital Disaster Preparedness service if your company is based in

Cybersecurity Checklist

- The United States Cyber Consequences Unit released a checklist to help business managers assess their companies’ cybersecurity.
