Browsing Category: Compliance

Mobile security can no longer be ignored

By Paul F. Roberts, The 451 Group

Starting this week at the annual CanSecWest conference in Vancouver, British Columbia, some of the world’s best hackers will crack their knuckles and get to work on a different kind of problem: hacking mobile devices including Apple’s über-popular iPhone. The annual Pwn2Own contest is likely to be a wake-up call to companies about the dangers posed by BlackBerrys, iPhones and other mobile devices. Despite that, many security firms are still playing catch-up on mobile device management and security. Their enterprise customers may pay the price.

Microsoft’s Threat Management Gateway is a mixed bag

Categories: Compliance

Microsoft’s initial move into the security products market, the ISA Server, has evolved well beyond its firewall roots. Now known as the Threat Management Gateway, the product is being positioned as a comprehensive Web security gateway. But as Eric Ogren writes in his review of the Threat Management Gateway [SearchSecurity.com], the beta release offers enterprise IT shops some solid capabilities, but also has some considerable drawbacks.

BBC botnet buy: What were they thinking?

By Roel Schouwenberg

As Dancho Danchev pointed out, the BBC leased itself a botnet [zdnet.com]. I couldn’t quite believe it when I read it. The BBC, arguably one of the very best TV producers in the world, surely should have known better? There are so many things wrong about this that I hardly know where to start.

Firstly, given their figures, they seem to have spent quite an amount of money purchasing the botnet. Regardless of how much the total sum was, they sponsored the underground economy. Paying money to criminals (for illegal goods) is not only unethical but also considered illegal in most countries. The BBC broke the law right there and then already, not when they actively started using the botnet.

Economic crisis hitting security budgets hard

The economy is still terrible and will likely continue to get worse in the near term, and the picture is just as ugly for enterprise security staffs. Peter Kuper, a longtime investment banker and software analyst at Morgan Stanley, said security shops can expect their budgets to be flat at best this year and to be cut sharply next year for the first time in more than half a decade.

Can we learn from Microsoft and Google on security?

Tech security company Fortify and security consulting firm Cigital are getting ready to release a set of best practices that tech companies and other businesses can follow to ensure that the software they develop is secure.

The authors developed the model by studying the security practices at Google, Microsoft, Adobe, and other tech companies, as well as non-tech companies that write their own software, such as Wells Fargo and Depository Trust & Clearing Corp.

What is security transparency?

By Andrew Storms

Transparency is a common theme in politics and Wall Street these days. The 2008 elections, the dealings of TARP, and financial institutions run amok are all places where we hear the word transparency bandied about on a daily basis. While many security professionals speak about transparency when it comes to information security, very few definitions fit the overarching idea of transparency. I believe that the time has come for information security professionals to both dig deeper and out of the idea of transparency to gain a better understanding of this concept.

Privacy problems in the cloud

With the economy cratering, staffs and budgets being cut and resources scarce, cloud computing has quickly become the prettiest girl at the prom. IT managers love its convenience and power and accounting departments are quite fond of its cost efficiencies.

But what of security and privacy? Where do they factor into the equation, if at all?

Google launching members-only security forum

internetnews.com’s Kenneth Corbin has the scoop on plans by Google to launch a members-only security forum for businesses, law enforcement, government agencies and others to combat malware and fraud on the Web.

In addition to Google, the Internet Security Community will draw participation from Xerox PARC, representatives of the Federal Trade Commission and others.
