Security » Services

Sydney Water IT security manager talks governance strategy

Information security governance should not be treated like corporate governance, IT security steering committees must have the right stakeholders and the board can remain largely unaware of security issues. Those are key strategies for effective security governance, says IT security and assurance manager at Sydney Water, Stephen Frede.

By Rodney Gedda | 03 September, 2010 09:41

Tags: boards, CSO, governance, security, sydney water

Outsourcing information security

The need to keep information secure is not a recent development. To satisfy this need, most organisations construct a list of security requirements based on common sense. This has proven fairly effective with simple and well understood media such as pen and paper. As information management (and its security) has become more complex in nature, the likelihood of a gap in that common sense list of requirements has increased.

By Simon Burson | 28 January, 2010 07:24

Tags: Managed security services, outsourcing, security

Trend Micro CEO: hackers hitting AV infrastructure

It's become an all-too-common scam: A legitimate Web site pops up a window that looks just like a real security warning. It says there's something wrong with the computer, and click here to fix it. A few clicks later, the victim is paying out US$40 for some bogus software, called rogue antivirus.

By Robert McMillan | 26 October, 2009 08:28

Tags: antivirus, CEOs, interview, security, trend micro

Slideshow: How DNS cache poisoning works

Tips to thwart DNS cache-poisoning attacks

By Bob Halley | 21 October, 2008 09:34

Tags: DNS

When the watchdog is the underdog

Think your security staffers are trustworthy? Competent? Knowledgeable? Listen to a security professional's horror stories, and you might think again.

By Lisa Vaas | 14 October, 2008 09:53

Tags: it management, staff management

Securing the enterprise beyond the perimeter

Trying to secure laptops, cell phones, PDAs, and other mobile devices today is "terrifying," says Christopher Paidhrin, IT security and HIPAA compliance officer at Southwest Washington Medical Center. "End-point security is scarily immature."

Does your generation pose an office security risk?

Whether you were born in the swinging sixties or are part of the slacker generation, some security experts say generational social influences can give you bad habits and make you an office liability.

Security and the generational divide

The generation gap. It's a term that has been used for decades to describe the differences between people in various age groups. Corporations are constantly considering what makes different generations tick when it comes to recruiting and retaining employees. But security experts say companies also need to examine age-based perspectives and habits when it comes to risk assessment and policies.

Privacy group: Identity-theft monitoring service a waste

Consumers who sign up for identity-theft monitoring services may be getting a lot less protection against some common types of fraud than they assume they are, according to an online guide released Monday by the Privacy Rights Clearinghouse (PRC).

Norton Internet Security 2009 beta ramps up

Security software customers are speaking with their feet: They want security updates and other security interruptions out of their faces, and they won't hesitate to dump their security suites because of performance drag -- whether or not it's actually the security software that's to blame.

Big Brother's new software

Any way you look at it, video surveillance technology is becoming more sophisticated.

Fedora's FreeIPA offers identity, security services

Fedora 9, released last month, included the first release of FreeIPA, a new free/open source project that comes out of Red Hat with the goal of becoming a complete and integrated security information management solution. In this article we take a look at exactly what FreeIPA is, both what it can do now and what its developers hope it will be capable of in the future. It seems destined to become a key feature of Red Hat Enterprise Linux 6, and with Fedora 9 released and FreeIPA tightly integrated, now seems to be the perfect time to explore this new technology.

Does sandbox security really protect your desktop?

Two years ago, GreenBorder, one of the early "sandbox" browsers, received mighty applause from Wall Street Journal tech guru Walt Mossberg. The sandbox browser -- basically, a browser running in a virtual container -- promised to keep nasty code from spilling into a computer's operating system and wreaking havoc.

Six burning questions about network security

Security issues often seem to smolder more than burn, but these six are certainly capable of lighting a fire under IT professionals at a moment's notice. Handle with care.

Better than locks: A security approach to 'free'

In January, Kevin Kelly wrote an essay entitled "Better Than Free" that explained which concepts held value on the Internet. This generated a lot of interest, mostly around the question of how best to make money out of these concepts. As a career security guy, I found myself wondering how on earth my field will respond -- how does security need to adapt to support business models based on these values? When we're used to locking everything down, how do we respond when people start calling for openness?

10 essential (and free!) security downloads for Windows

To use an Internet-connected computer is to be insecure and place your privacy in danger. Spyware, viruses, Trojans and assorted malware are everywhere on the Net, trying to hop onto your PC and cause damage. Snoopers want to get at your personal information for nefarious purposes, such as identity theft.

Spam wars

Tech vendors have made headway in the war on spam, yet spammers are returning volley with sheer numbers. Perhaps it's time for more drastic measures? These are the rumblings from analysts, who reviewed anti-spam e-mail appliances and released their findings last week.

Mail security challenge

E-mail security continues to be a hot-button issue for IT administrators, who now find more moving parts in mail security solutions than they did just a couple of short years ago. Fighting viruses and spam were the original spurs for creating e-mail security appliances, and anti-spam is still the most important component of mail security. But the solutions have evolved to meet a host of additional requirements. These include securing connections between users, both internal and external; preventing loss of corporate data; stopping new types of threats such as phishing, spyware, and other types of malware; and blocking DoS and other network attacks as well as some application-layer attacks on mail servers.

Lab test: Mirapoint RazorGate

The Mirapoint RazorGate 160 (v3.8.4-GA) did reasonably well in anti-spam performance, placing fourth in filtering accuracy and seventh in false positives. That's well within useful performance, though admins should count on spending some time building whitelists if they have users who get a lot of bulk e-mail. Compliance and content filtering features were broad and easy to use, with scanning inside archives and the capability to hold encrypted e-mails for inspection if desired.

Lab test: Symantec Mail Security

For the third year in a row, Symantec Mail Security (v7.5) is the best overall performer in my tests. It didn't have the best score in false positives (it came in a close second), and it was fourth in catch rate, but considering both counts, along with feature set, pricing, and maturity, it comes in first. The Symantec product shows a level of sophistication and ease of use that only comes from being a class leader for a long time, and having all the sharp edges rounded off.