http://www.infosectoday.com Information Security Today (www.infosectoday.com) provides essential information for managing the security of a modern, evolving enterprise. It is written for information security managers and other technical managers and staff who are the first-line support responsible for the daily, efficient operation of security policies, procedures, standards, and practices. It covers access control systems and methodologies; computer operations security; application and systems development; business continuity and disaster recovery planning; telecommunications and network security; security architecture and models; physical security; cryptography; security management practices; law, investigations, and ethics. en-us Mon, 08 Mar 2010 08:25:45 EST As someone responsible for security, you should ask yourself several questions to determine how much of your corporate information is at risk. While it may sound simple, many organizations don't take the time to examine information from all sides, including both an internal view and an external view. As information traverses networks, applications, endpoints and people, an information exposure assessment of actual data loss risk across networks, Web applications, storage and endpoints can help companies determine how exposed their information might be. Gleaning visibility into your organization's internal and external exposures provides a good view of digital and critical assets. http://www.infosectoday.com/Articles/Assessing_Reducing_Information_Exposure.htm rich.ohanley@taylorandfrancis.com Mon, 08 Mar 2010 08:25:45 EST Although virtualization and cloud computing can help your company accomplish more by breaking the physical bonds between an IT infrastructure and its users, heightened security threats must be overcome in order to benefit fully from this new computing paradigm. This is particularly true for the SaaS provider. Some security concerns are worth more discussion. For example, in the cloud, you lose control over assets in some respects, so your security model must be reassessed. Enterprise security is only as good as the least reliable partner, department, or vendor. Can you trust your data to your service provider? This excerpt discusses some issues you should consider before answering that question. http://www.infosectoday.com/Articles/Cloud_Security_Challenges.htm rich.ohanley@taylorandfrancis.com Tue, 02 Mar 2010 12:25:45 EST Our goal in this article is to discuss how a backup system needs to be designed to facilitate recoveries. The purpose of a backup is to provide a mechanism to recover, and therefore it follows that the backup system must be designed to allow those recoveries to take place with as little effort or cost as possible. http://www.ittoday.info/Articles/Designing_Backup_for_Recovery.htm rich.ohanley@taylorandfrancis.com Mon, 15 Feb 2010 08:41:45 EST Congratulations! You are a successful security professional in an organization that has a global footprint. Accordingly, in your role of security manager you have just been advised that your company will build a chemical facility in Colombia, and you now have the responsibility and obligation to ensure that your company's people and assets are adequately protected. Whether you have had international security experience or not, you are about to get an education in the ups and downs, the ins and outs, of dealing with people and projects operating outside of the United States of America or wherever you country of origin might be. You are faced with major opportunities and gigantic challenges. So, what to do? Read on ... http://www.infosectoday.com/Articles/Security_Management_in_Global_and_High-Risk_Operations.htm rich.ohanley@taylorandfrancis.com Mon, 08 Feb 2010 08:41:45 EST An alert management platform empowers companies to target actionable information from IT applications and systems automatically to the employee who can resolve the issue--escalating as necessary. Effective alert management provides the tools to access internal systems and address events from a mobile workbench as well as resolve issues from any web-enabled mobile device. Process acceleration and service improvements can help resolve incidents an average of 40 percent faster, saving up to millions of dollars annually. There are five ways that implementing alert management can immediately increase operational effectiveness across the enterprise--including process and efficiency improvements in incident, service, and change management--while significantly reducing costs. http://www.ittoday.info/Articles/Alert_Management.htm rich.ohanley@taylorandfrancis.com Mon, 01 Feb 2010 15:36:45 EST One problem with the implementation of SOX is that it tends to set a standard for compliance that may be inadequate. Meeting SOX standards--i.e., passing 404--does not imply that a firm or an IT department has the processes in place required to manage its business. Nor does it mean that an optimal level of control exists anymore than having a pulse signifies good health. SOX compliance is the minimum standard, not an optimum standard. Regardless of the current maturity level of your firm, you will need to demonstrate SOX compliance efficiently and honestly. This article describes the typical steps required to pass section 404. http://www.ittoday.info/Articles/Ten_Steps_to_SOX_Compliance.htm rich.ohanley@taylorandfrancis.com Mon, 25 Jan 2010 15:36:45 EST Vulnerability management (VM) is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. This is a broad definition that has implications for corporate or government entities. It is not a new discipline, nor is it a new technology. This vital function has been a normal part of hardening defenses and identifying weaknesses to systems, processes, and strategies in the military and in the private sector. With growing complexity in organizations, it has become necessary to draw out this function as a unique practice complete with supporting tools. Listen as Park Foreman discusses how to get started. http://www.infosectoday.com/Podcasts/Vulnerability_Management.mp3 rich.ohanley@taylorandfrancis.com Mon, 18 Jan 2010 08:30:45 EST According to the Symantec Report on Rogue Security Software, 43 million users fell victim to rogue security software scams between June 2008 and June 2009. During this period, Symantec observed 250 distinct security software programs that were marketed and advertised as legitimate but that were, in fact, rogue security applications. Users either installed this software manually, believing it to be legitimate, or the software automatically installed when the user visited a malicious website. Here are tips for your users who want to avoid becoming the next victim of a rogue security software scam must be able to identify such threats and know how to mitigate their risk. http://www.infosectoday.com/Articles/Rogue_Security_Software.htm rich.ohanley@taylorandfrancis.com Mon, 18 Jan 2010 08:30:45 EST Meeting the need for an authoritative and practical classroom resource, Information Security Management: Concepts and Practice provides a general overview of security auditing before examining the various elements of the information security life cycle. It explains the ISO 17799 standard and walks readers through the steps for conducting a nominal security audit that conforms to the standard. The text also provides detailed guidance for conducting an in-depth technical security audit leading to certification against the 27001 standard. Topics addressed include cyber security, security risk assessments, privacy rights, HIPAA, SOX, intrusion detection systems, security testing activities, cyber terrorism, and vulnerability assessments. http://www.crcpress.com/product/isbn/9781420078541 rich.ohanley@taylorandfrancis.com Mon, 18 Jan 2010 08:30:45 EST IT departments willing to look beyond the surface and the obvious can often eliminate apparent tradeoffs without having to choose one side or the other. When faced with a situation that appears to force a tradeoff, try to examine the problem from a different angle. Taking this fresh-thinking perspective can stretch the IT budget to achieve goals that you might otherwise forgo in an environment of severe financial constraints. http://www.ittoday.info/Articles/Stretch_IT_Budget.htm rich.ohanley@taylorandfrancis.com Mon, 11 Jan 2010 08:30:45 EST This excerpt from Intelligent Network Video: Understanding Modern Video Surveillance Systems by Fredrik Nilsson and Axis Communications outlines the evolution of video surveillance systems. It explains different system configurations, from fully analog to fully digital, along with the benefits of each configuration. The systems described in Sections 2 and 3 constitute partly "digital" video systems. Only the systems described in Sections 4 and 5 are true network video systems in which video streams are continuously being transported over an IP network, providing full scalability and flexibility. http://www.infosectoday.com/Articles/Video_Surveillance_Systems.htm rich.ohanley@taylorandfrancis.com Wed, 06 Jan 2010 15:42:45 EST