http://www.infosectoday.com Information Security Today (www.infosectoday.com) provides essential information for managing the security of a modern, evolving enterprise. It is written for information security managers and other technical managers and staff who are the first-line support responsible for the daily, efficient operation of security policies, procedures, standards, and practices. It covers access control systems and methodologies; computer operations security; application and systems development; business continuity and disaster recovery planning; telecommunications and network security; security architecture and models; physical security; cryptography; security management practices; law, investigations, and ethics. en-us Sun, 11 May 2008 08:08:45 EST Compliance frameworks are the connection between regulatory mandates and software practices. This chapter from Oracle Identity Management: Governance, Risk, and Compliance Architecture, Third Edition by Marlin B. Pohlman explores the nature of compliance frameworks and best practices in an attempt to direct the identity professional toward standards that enable auditable stewardship and governance of identity-related information. http://www.infosectoday.com/Articles/Compliance_Frameworks.htm rich.ohanley@taylorandfrancis.com Sun, 11 May 2008 08:08:45 EST While most dread turning the big 3-0, spammers are proudly accepting the number. Thirty years ago this week, Gary Thuerk sent the first email spam, paving the way for millions of spammers to follow his lead. The Symantec May State of Spam Report findings show that 80 percent of all email in April was spam, reaching as high as 87 percent at times. http://www.infosectoday.com/Articles/State_of_Spam_Report_May08.htm rich.ohanley@taylorandfrancis.com Thu, 08 May 2008 12:08:45 EST E-mail is probably the most common means of communication both within organizations and across organizations today. Because e-mails constitute business records, we need to define how we can manage these business records in terms of retaining e-mails so as to comply with standards and legislation governing an organization's documents and records. Managing e-mails is a comprehensive topic, worthy of a book on its own. However, this chapter from Document and Record Management Systems by Azad Adam, discusses the fundamental aspects of e-mail management and how it fits into document and records management. http://www.infosectoday.com/Articles/E-Mail_Management.htm rich.ohanley@taylorandfrancis.com Mon, 05 May 2008 08:08:45 EST Whether a security system serves the purposes of information asset protection or provides for general security outside the scope of IT, it is common to have three main security processes working together to provide access to assets in a controlled manner. These processes are a authentication, authorization and accounting. This is sometimes referred to as auditing. The following sections discuss these three processes and the relationship between them. http://www.infosectoday.com/Articles/Authentication.htm rich.ohanley@taylorandfrancis.com Mon, 28 Apr 2008 08:08:45 EST Assuming that your motivation is to apply a discipline to information security to be better at planning, implementing, and maintaining information security and achieving a highly effective information security program that is capable of receiving ISO 27001 certification, this chapter from "How to Achieve 27001 Certification: An Example of Applied Compliance Management" discusses such a discipline with an overview of security standards and with specific attention to existing and emerging International Standards Organization (ISO) security standards. http://www.infosectoday.com/Articles/27001.htm rich.ohanley@taylorandfrancis.com Wed, 16 Apr 2008 10:53:45 EST IT is a strategic differentiator. Often, it is a single force that determines the speed and agility of an organization. Decisions about IT spending are a series of trade-offs. The key to making the right decisions lies in first knowing the compelling needs to achieve the business strategy. Establishing the strategic enablers generates the focus for planning activities to achieve this desired future state. Performance is defined differently depending on the strategic enablers critical to the business. (From The Business Value of IT: Managing Risks, Optimizing Performance and Measuring Results. http://www.ittoday.info/Articles/HowMuchIT.htm rich.ohanley@taylorandfrancis.com Mon, 14 Apr 2008 08:30:45 EST How can we use social networking tools to create a virtual community among those we work with? The answer is so complex, we needed to carve out a couple of issues to get the job done. This first part provides some guidelines for success and a framework for getting started. The next part in the series will explore how specific social networking tools can best be applied for virtual teams that are serious about getting down to business. http://www.itperformanceimprovement.com/Articles/NS_SocialNetworking.htm rich.ohanley@taylorandfrancis.com Mon, 14 Apr 2008 08:30:45 EST In today's business world with all its complexities and nuances, specialization in operational tasks is really the better way to go. Every operation requires so much specific knowledge that it's impossible for any one person or even one organization to possess it. While taking a holistic approach may sound good in theory, in practice it tends to lead more to frustration and disappointment than success. When that happens, the business almost always suffers, and often a very good supplier for certain things winds up getting judged more for what it can't do very well than what it can. http://www.ittoday.info/Articles/DBAD-Mediocrity.htm rich.ohanley@taylorandfrancis.com Fri, 11 Apr 2008 12:48:45 EST The latest Internet Security Threat Report (ISTR), Volume XIII released today by Symantec concludes that the Web is now the primary conduit of attack activity, as opposed to network attacks, and that online users can increasingly be infected simply by visiting everyday Web sites. The report also found that attackers are seeking confidential end-user information that can be fraudulently used for financial gain and are less focused on the computer or device containing the information. http://www.infosectoday.com/Articles/ThreatReportg.htm rich.ohanley@taylorandfrancis.com Tue, 08 Apr 2008 11.13:45 EST The technology designed to protect highly sensitive data from leaks through networks is complex and expensive in terms of acquisition and ongoing operation costs, and its effectiveness is dependent upon what type of traffic an organization allows to permeate through its periphery. To combat information leaks effectively through networks, organizations must follow the continuous information security plan cycle: assess, design, implement, educate, monitor, and correct. The security personnel's awareness and understanding of vectors that could be used by ill-intentioned persons to sneak sensitive or confidential information out of a network are key to mitigating its risk. http://www.infosectoday.com/Articles/NetworkContentFiltering.htm rich.ohanley@taylorandfrancis.com Mon, 07 Apr 2008 08.32:45 EST