Symantec May State of Spam Report: Un-Happy 30th Birthday
While most dread turning the big 3-0, spammers are proudly accepting the number. Thirty years ago this week, Gary Thuerk sent the first email spam, paving the way for millions of spammers to follow his lead. Symantec’s May State of Spam Report findings show that 80 percent of all email in April was spam, reaching as high as 87 percent at times.
E-mail Management
E-mail is probably the most common means of communication both within organizations and across organizations today. Because e-mails constitute business records, we need to define how we can manage these business records in terms of retaining e-mails so as to comply with standards and legislation governing an organization's documents and records. Managing e-mails is a comprehensive topic, worthy of a book on its own. However, this chapter from Implementing Document and Record Management Systems by Azad Adam, discusses the fundamental aspects of e-mail management and how it fits into document and records management.
Authentication, Authorization, and Accounting
Whether a security system serves the purposes of information asset protection or provides for general security outside the scope of IT, it is common to have three main security processes working together to provide access to assets in a controlled manner. These processes are a authentication, authorization and accounting. This is sometimes referred to as auditing. The following sections discuss these three processes and the relationship between them.
Information Security Year in Review: 2007
With over 50 articles from over 50 of the best and the brightest in the industry, this annual look back (and peek forward) is something no one concerned with information security should miss.
Introduction to International Standards Organization Security Standards
Assuming that your motivation is to apply a discipline to information security to be better at planning, implementing, and maintaining information security and achieving a highly effective information security program that is capable of receiving ISO 27001 certification, this chapter from How to Achieve 27001 Certification: An Example of Applied Compliance Management discusses such a discipline with an overview of security standards and with specific attention to existing and emerging International Standards Organization (ISO) security standards.
New Internet Security Threat Report Reveals Details on Hackers' Quest for Private Information
The latest Internet Security Threat Report (ISTR), Volume XIII released today by Symantec concludes that the Web is now the primary conduit of attack activity, as opposed to network attacks, and that online users can increasingly be infected simply by visiting everyday Web sites. The report also found that attackers are seeking confidential end-user information that can be fraudulently used for financial gain and are less focused on the computer or device containing the information.
Network Content Filtering and Leak Prevention
The technology designed to protect highly sensitive data from leaks through networks is complex and expensive in terms of acquisition and ongoing operation costs, and its effectiveness is dependent upon what type of traffic an organization allows to permeate through its periphery. To combat information leaks effectively through networks, organizations must follow the continuous information security plan cycle: assess, design, implement, educate, monitor, and correct. The security personnel's awareness and understanding of vectors that could be used by ill-intentioned persons to sneak sensitive or confidential information out of a network are key to mitigating its risk.
Data Loss Prevention: Where Do We Go From Here?
Data loss prvention is fast becoming one of the most overused yet misunderstood acronyms in an industry known for its cryptic abbreviations. The popular label for data loss prevention is appearing on a puzzling variety of security products, adding to the confusion and hype. Meanwhile, the debate continues over where DLP should be deployed: on the network or the endpoint? What about stored data? And does it matter whether DLP is deployed as a standalone solution or as a feature in a broader product portfolio? To address those questions, organizations must first understand what DLP is, why it is important, and how it works.
Millenial Workforce: IT Risk or Benefit?
The Millennials are here. And according to a new Symantec study,
Millennial Workforce: IT Risk or Benefit, this should be a real wake-up call to CIOs. Trying to implement IT risk
management policies with a millennial workforce--one that has been labeled as risk takers--is very problematic. The
study was conducted with 200 respondents each from the millennial workforce (born after 1980), the older workforce
(born before 1980), and IT executives and professionals, to better understand this problem and the potential IT risk
issues surrounding the emergence of this new tech savvy workforce. Clearly, the study reveals there is potential for
huge risk exposure: data loss, compliance issues, legal implications, and other problems.
Best Practices for Deploying WAN Optimization with Data Replication: Keys for Successful Data Protection across the WAN
All too often, the Wide Area Network (WAN) link is the weak link in data protection. As data volumes
grow, and as the distance between data centers increases to protect business data from catastrophic disasters, there is
increasing pressure being placed on the WAN. This has heightened the demand for optimization tools that can improve
data replication times across the WAN while maximizing bandwidth efficiency during these processes. By understanding
these requirements and establishing guidelines for addressing them, WAN optimization can be deployed with maximum
effectiveness. As such, WAN optimization can live up to its potential as a key enabler for strategic disaster recovery
initiatives.
Would Effective IT Controls Have Prevented Data Theft at LGT Group?
In the latest of major European security breaches, German Tax Authorities were allegedly able to pay five million Euros
to an anonymous information to get confidential information about account holders at the well-known Liechtenstein
bank. How did this breach of data happen, and what are the larger implications for financial institutions worldwide? In this article,
Calum Macleod, European Director of Cyber-Ark, examines this question in detail.
Security Testing Versus Functional Testing
There are some significant differences between security testing and functional testing that really require some fundamental shifts in how you think about testing. As explained in this excerpt from Testing Code Security, you have to step back and reassess some of the "rules of thumb" and "tribal knowledge" of software testing that you've learned over time.
Automate Role Management to Avoid Three Major Business Disasters
Roles and role management have come a long way from serving principally as a means of making it easier to manage access to applications. As the growing number of roles-driven projects indicates, roles are increasingly likely to address critical business objectives such as greater cost efficiencies, improved compliance, and reduced security exposure. Working as part of an integrated, automated role-management and identity-management solution, roles can go a long way toward helping avert potential business catastrophes in increasingly collaborative and complex business environments.
Symantec Research Debunks Common Myths that Contribute to IT Failures
Symantec Corp. released the Symantec IT Risk Management Report, Volume II, revealing that awareness of the importance of IT risk management is increasing, however several myths persist. Despite the finding that practitioners are embracing a more balanced approach that encompasses security, availability, compliance and performance risks, misunderstandings of IT risk management can lead to potential IT system failures, and ultimately impact business continuity. The report also indicates process issues cause 53 percent of IT incidents, while IT often underestimates the frequency of data loss incidents.
Lack of Privileged Password Management Can Explain What Went Wrong at Societe Generale
There is not an organization that is not vulnerable to an attack, either through deliberate targeting or
through the failure of IT security staff and auditors who in the interests of saving a nail in their budget are
prepared to risk the Kingdom. Societe Generale should serve as a wake-up call to any organization that has not
addressed the issue of Privileged Password management and Application Password management and if what has happened at
Societe Generale does not serve as a warning to others to address what Burton Group refers to as the "Seedy
Underbelly of Identity," then it is only a matter of time until the next kingdom goes down in flames.
Attackers Increase Exploits on Trusted Entities
As security measures are developed and implemented to protect the computers of end users and organizations,
attackers will likely continue to adapt innovative, new techniques and strategies to circumvent them. However, by
using a combination of advanced protective technologies and best practices as explained here, individuals and enterprises can avoid
many of the Web's perils and enjoy more of its benefits.
Ten Tips for Successful IT Disaster Recovery Planning
Every business is vulnerable to experiencing a serious incident, preventing it from continuing normal business operations
at any time. Beyond terrorist threats, less catastrophic events such as a lost or stolen laptop, the Northeast Blackout
of 2003, Manhattan's steam pipe explosion in 2007, recent wildfires in California and numerous presently unforeseen
possibilities can cause substantial business interruptions. Anticipating disaster and preparing seems both prudent and
advisable, as does regular testing of IT services and back-ups. A well-structured and coherent disaster recovery plan
will enable companies to recover quickly and effectively from an unforeseen disaster or emergency, thus avoiding
significant business interruption and loss. Here are ten things you should be doing.
8 IT Security New Year's Resolutions for 2008
2008 is expected to continue the 2007 trend of increasing size, scope, and concentration of attacks on computer networks nationwide. Attacks are increasingly more targeted as malware, worms, and other malicious code to bypass simpler, more traditional network security systems. The year 2008 will likely see even greater emphasis on specific attack methods such as cross-site scripting, application-level attacks, and more client-side compromises. Security experts see significant new trends including "super worms" and XPATH injection attacks on the horizon. To protect computer networks from compromise, here are the top eight 2008 New Year's resolutions any diligent network manager should make and keep in the year ahead.
The Desktop Dilemma: Liberty vs Lockdown
Ask any Windows administrator or security professional and you'll find widespread support for locking down PCs by removing users' administrative privileges. Why then have so many IT organizations been unable to implement better controls in their desktop environments? The truth is that removing admin rights is only part of an application control solution. IT organizations still need to address many critical requirements, such as: " How can you overcome organizational resistance to more control on the desktop? " How will legitimate software be installed without overburdening the IT staff? " What policy should be applied to users who must install software, such as engineers or executives? This article examines answers to questions like these and outlines a nine-step methodology that can make or break your transition to a well-managed and controlled Windows environment.
Hackers Scamming Online Holiday Shoppers
With Cyber Monday and the Holiday Shopping Season in full swing, SecureWorks has seen foreign and domestic hackers
and scammers gearing up for scams related to the post-Thanksgiving Day commerce. Traffic has been especially heavy on
the hacker forums where hackers arrange these scams. SecureWorks has seen a big increase in that type of chatter on
forums in the last 30 days, and the rate of increase all coincide with the timing of Cyber Monday.
How to Select a Password Management System
What should you look for in a password management system? Here's a list of 11 items to help guide to the right decision for your enterprise.
Top 10 Security Trends 2007 and Predictions for 2008
Today's attackers are increasingly sophisticated and organized, and have begun to adopt methods that are similar to traditional software development and business practices. With the end of year and holidays approaching, Symantec Security Response released its list of the top 10 Internet security trends seen in 2007 and what to look for in 2008.
Stopping the Biggest Threat to Data Theft: Employees
Passwords, firewalls, encryption, two-factor authentication and access-control lists are among the tools available to
information security professionals. Other options include system audits, patch management, network traffic monitoring and
penetration testing. And there are a range of information security training programs and certifications to best use
these tools. But despite this arsenal and well-trained professionals securing networks and systems, businesses cannot completely stop
the flow of proprietary data, trade secrets and confidential information leaving their organizations and ending up in the hands of competitors, journalists and whistleblowers. There is a simple explanation for this problem, but not a simple solution to completely stop it. Here are some methods to help.
Hackers Scam Thousands of PC Users Through Online Ads Touting Rogue Antispyware
SecureWorks reported recently that hackers
using Russian Business Network (RBN) services, among other hosting services, have successfully scammed thousands of
victims with a new and complex multi-step scam involving rogue antispyware. Reported incidents of the scam have
increased 1000 percent in the last month.
