What Defines a Green, Next-Generation, Virtual Data Center?
Many approaches and technologies, addressing different issues and requirements, can be used to enable a green and virtual data center. Virtualization is a popular approach to consolidating underutilized IT resources, including servers, storage, and I/O networks, to free up floor space, lower energy consumption, and reduce cooling demand, all of which can result in cost savings. However, virtualization, and particularly consolidation, applies to only a small percentage of all IT resources. The importance of this chapter from The Green and Virtual Data Center is that there are many facets of virtualization that can be used to enable IT infrastructure resource management to improve service delivery in a more cost-effective and environmentally friendly manner.
Why SaaS Plays Nicer than Enterprise Software
This article looks at the benefits of SaaS software in comparison to enterprise software. It argues that with enterprise software, what you think you are buying, what was demonstrated, and what is actually delivered are frequently different things. In contrast, with SaaS, it’s “What You See Is What You Get.” Further, with SaaS, rather like Open Source, you have not one, but many voices of criticism pointing out the numerous ways the software can be improved. Of course, you will hear both good and bad ideas, but since we’re in a market of ideas, the good ones win out. So over time, a SaaS solution begins to represent a consolidated set of best practices.
Security of Mobile Communications
This innovative text provides comprehensive coverage of the complex security issues that face the mobile communications industry. Discussions include hacking and infecting with viruses; techniques used to provide access control, authentication, and authorization; the security of SIM-like cards; standards implemented by the GSM, third generation, WLAN, and ad-hoc networks; the security of wireless sensor networks, satellite services, mobile e-services, and inter-system roaming and interconnecting systems; and the applications using IP mobility. Mobile communications scientists, students, engineers, and telecom service providers will find this to be an invaluable resource.
Predicting the ROI of Change
Process Simulation Modeling (PSIM) can provide real business value to organizations that are trying to change processes. When companies use the appropriate software simulation, designed for their industry, to evaluate process performance, they can improve their operations and achieve higher levels of process maturity with the integration of CMMI. Discover how Process Simulation Modeling (PSIM) can help you zero in on the changes that will deliver a positive ROI.
Managing the IT Procurement Process
This chapter from IS Management Handbook, Eighth Edition presents a model of the IT procurement process that was developed by the SIM Working Group to provide a framework for studying IT procurement.
Why Tomorrow Is Too Late to Think about Business Continuity
Business owners and executives juggle a number of projects each day that draw on their time and resources. As a result, they tend to defer business continuity into the "solve tomorrow" column until right before (or right after) an incident. This is a critical, sometimes disastrous mistake. Like all business-essential IT programs, designing and implementing a functional continuity plan is a multi-month process. The link between business continuity and disaster survivability is significant. If you are inclined to agree, you can get started today by following the steps in this article.
Optimizing Exchange and Active Directory Backup and Recovery
To optimize backup and recovery of Exchange and Active Directory environments, organizations can leverage a growing number of advanced tools that overcome the challenges of traditional approaches. As this article explains, these new tools give businesses a more simplified and streamlined process that reduces their backup windows, provides continuous protection and delivers efficient granular recovery of the critical business information.
Introduction to Web Application Firewalls
This article pushes the concept of Web application firewalls to "protect the information processed by web applications from web-based attacks," presents some typical information security requirement scenarios, and analyzes available technology control options for securing the information.
How to Develop and Implement a Security Master Plan
This article discusses the reasons for developing a security master plan and outlines the thought processes and initial steps required.
May 2009 Symantec State of Spam Report
According to the Symantec May 2009 State of Spam Report, spam volumes continue to creep back up to normal, and are currently sitting at 94 percent of their pre-McColo levels. The recent Swine Flu outbreak has become yet another example of how spammers continue to respond to current events. Other trends this month include Mother’s Day spam, image spam returns, and spam focusing on Obama’s first 100 days in office.
Employer Preparation for a Pandemic
To most public health authorities, including the Centers for Disease Control (CDC), the question is not if there will be a pandemic, but when it will occur. A pandemic is a global outbreak of a disease. Employers need to validate that they have performed their due diligence in developing plans to cope with a pandemic. Employee welfare should be uppermost in the mind of employers, and contingency plans should reflect a variety of options depending on the severity of the pandemic’s effects on employees and on the employer’s supply chain.
Pandemic Influenza: Emergency Planning and Community Preparedness
This book outlines the containment and response capabilities needed to effectively plan and prepare for a widespread outbreak. Addressing clinical factors and public health challenges, the authors examine critical issues such as the types of influenza and related health implications, outbreak prevention and mass prophylactic measures, medical supply and fatality management, response actions for various emergency service disciplines, and the potential economic effects of a pandemic outbreak. Mirroring the goals of the U.S. National Strategy for Pandemic Influenza, the text underscores the importance of expanding the health care system’s capacity to provide adequate triage and medical care.
Malware Writers Jump on Swine Flu Bandwagon
Symantec Security Response has observed malware writers joining spammers in leveraging the Swine Flu to reach unsuspecting computer users. While samples are extremely limited, this appears to be yet another attempt by hackers to leverage current events as lures to distribute their malware.
Dealing with High Availability/Disaster Recovery Issues in Multi-tier, Heterogeneous Environments
According to research conducted by Symantec in 2008, virtualization is the major factor causing 55 percent of organizations to reevaluate their disaster recovery plans. Complications with having different tools for physical and virtual environments include higher training costs, operating inefficiencies, greater software costs and workforces that work in silos. This article discusses how to keep lines of communication open, develop an accurate high-availability disaster recovery solution and the importance of implementing a tool that allows organizations to manage virtualized environments alongside physical environments.
Insider Threats Remain Low Priority
Despite recent headlines announcing major corporate data breaches, concerns about insider security threats remain a low priority for enterprise organizations. According to a survey of IT industry professionals conducted by Lieberman Software Corporation, insider security threats and corporate data breaches are lesser security concerns than more traditional security risks, such as viruses, Trojans and worms.
Information Security Fundamentals
The purpose of information protection is to protect an organization's valuable resources, such as information, hardware, and software. Through the selection and application of appropriate safeguards, security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets. This chapter from Information Security Fundamentals by Tom Peltier examines the elements of computer security, employee roles and responsibilities, and common threats. It also examines the need for management controls, policies and procedures, and risk analysis. Finally, it presents a comprehensive list of tasks, responsibilities, and objectives that make up a typical information protection program.
Understanding Information Security Management Systems
Recent high-profile information security breaches and the value of information are highlighting the ever-increasing need for organizations to protect their information. An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems. This article will help you understand an Information Security Management System.
ITIL and Security Management Overview
This article focuses on how information security management works within the Information Technology Infrastructure Library (ITIL).
So, You Want to Write a Disaster Recovery Plan?
Today, disaster recovery plans encompass every type of automated system, including mainframes, servers, open systems, desktop and mobile devices, networks and telecommunications systems. The chapter from the second edition of Business Resumption Planning introduces a four-step disaster recovery planning process and discusses finding the resources to complete the plan.
New Report on Web-based Attacks
This paper focuses on some of the top Web threat trends that Symantec security analysts have seen over the past year, including an increasing number of drive-by downloads from mainstream Web sites; attacks that are heavily obfuscated and dynamically changing, making traditional antivirus solutions ineffective; attacks targeting browser plug-ins instead of only the browser itself; more and more misleading applications infecting users; SQL injection attacks being used to infect mainstream Web sites; malvertisements redirecting users to malicious Web sites; and explosive growth in unique and targeted malware samples.
The Ethical Hacking Framework
What is a framework? Moreover, how does it apply to attacking a system? Finally, is a framework a methodology? A framework is a collection of measurable tasks, whereas a methodology is a specific set of inputs, processes, and their outputs. A framework provides a hierarchy of steps, taking into consideration the relationships that can be formed when executing a task given a specific method. By formatting ethical hacking in a framework, as opposed to simply a collection of methods and tactics, elements can be easily removed and added to accommodate specific requirements of the test. Includes a downloadable poster of The Ethical Hacking Framework.
Vulnerability Case Study: Cookie Tampering
Cookies are technically small pieces of text that are sent to the Web client browser by a server and intended to be sent back to the server, unchanged, each time the browser accesses the same server or another server in the same domain. Cookies are used for authentication, tracking, and maintaining state over stateless HTTP, as well as for maintaining specific information about the user, such as their site preferences. However, there are a lot of risks associated with cookies, which can create vulnerabilities as described in this article.
Security Event Management
In many organizations, security policies or business regulations require that security events are monitored and that security logs are reviewed to identify security issues. Information captured in security logs is often critical for reconstructing the sequence of events during investigation of a security incident, and monitoring security logs may identify issues that would be missed otherwise. The problem is that the amount of information generated by security devices and systems can be vast, and manual review is typically not practical. Security event management (SEM), or security information management (SIM), solves this problem by automatically analyzing all that information to provide actionable alerts. As this article explains, security event management deals with the collection, transmission, storage, monitoring and analysis of security events.
Ranking Risks: Rare to Certain, Negligible to Catastrophic
The risks your project or business is exposed to may be worth reviewing now more than ever to see which ones need more attention than others. This article presents a risk matrix, which is a risk assessment tool that exposes aspects of risks that could be subjected to some form of ranking. A risk matrix gives you and other decision makers a clearer view of what the risk is, what is involved, and what amount of time can be afforded given the severity and probability of the risk event. It can help you visualize, in an organized manner, the risks you face in quantitative and qualitative terms, and plan and make a more informed decision when the situation arises.