09/11/2007 - Dan Sullivan, an author and security expert, has penned a comprehensive text that will help readers better understand how these losses occur and how to prevent them. The Definitive Guide to Information Theft Prevention is an eight-chapter e-book available for free (the e-book is sponsored by Permeo Technologies, a provider of secure remote-access solutions)
09/11/2007 - Organizations do not function in a vacuum. They must balance and navigate business processes and interdependencies, the Internet, distributed systems, and legislation and regulation, just to name a few factors that influence their environment and posture.
09/07/2007 - Credit card fraudsters are costing the economy billions of dollars each year. Merchants can minimize those losses by taking preventive measures, such as comparing IP addresses to ascertain the distance between the person ordering the goods and the billing address of the online buyer, noting whether a free e-mail address was used, and checking for the use of anonymous proxy servers. A paper from FraudLabs, which offers antifraud services for online merchants, outlines more measures.
@ 10 Measures to Reduce Credit Card Fraud for Internet Merchants is at SM Online.
09/07/2007 - There are seven steps in a phishing attack, from preparation through successful infection of a victim to the fraud committed using stolen information. Fortunately, there are countermeasures available for each stage. For example, organizations should monitor call volumes and the type of questions customers are asking; a large number of calls regarding password problems can signal a phishing attack. To interfere with the use of compromised information, organizations can use two-factor authentication devices such as biometrics. Instituting delays in some types of money transfers can provide time to detect and void phishing-based transactions.
@ Online identity theft: phishing technology, checkpoints and countermeasures, from the identity theft technology council,is at SM Online.
08/10/2007 - The CISO Handbook: A Practical Guide To Securing Your Company is written by several Certified Information Systems Security Professionals who have set out to write the ultimate information officer’s handbook.
07/31/2007 - A stable of trained and experienced specialists exists in the security profession to assist in duties that fall outside the knowledge of most security managers. One of those specialties is examination of documents, the topic of this book.