INFORMATION

Site Map - Cybersecurity

Data Disaster?

- One-third of IT professionals believe that a major data breach could put their company out of business.

Crooks Zero in on Valuable Data

- Zero-day attacks - the name given to exploits of vulnerabilities for which no patch is available - are the bête noires of IT security. Unfortunately, discoveries of not-yet-patchable vulnerabilities are on the rise, raising the specter of more zero-day exploits. Learn more about zero-day attacks and what you can do to combat them here.

Security and Outsourcing: Negotiate Early

- As a growing number of U.S. companies outsource software creation and data-handling functions to service providers located in other countries, the issue of data protection has gained prominence. One such problem is that 'backdoors' could be inserted in code for later use and that personal financial data could be stolen.

The Heavy Burden of IT Infrastructure Upgrades

- See what the GAO has to say about the Immigration and Customs Enforcement (ICE) effort to modernize its information technology infrastructure. The GAO's overriding critique: "[T]he program has not fully achieved many performance goals that it set out to accomplish over the past year."

Testing IT Plans

- Contingency and computer-security emergency-response plans must be kept in a state of readiness. Three key components of readiness are tests that ensure that the plan will work as described; training that informs personnel of their roles and responsibilities vis-a-vis the plan; and exercises that simulate an emergency to test the plan's viability. The National Institute of Standards and Technology has created an in-depth guide to tests, training, and exercise programs as they relate to IT plans. The guide includes checklists as well as detailed sample objectives and scenarios. Read the guide: Test, Training, and Exercise Programs for IT Plans and Capabilities.

Insights on Internet Investigations

- The National Institute of Justice has issued another in its series of reports on investigating high-tech crimes.

Who's Who and What's Where

- (ISC)2 has issued its '2007 Resource Guide for Today's Information Security Professional, Global Edition.'

New In PlainText

- A guide to conducting security risk assessments.

Forging Ahead with Radio Frequency

- Best practices for RFID in identity management.

Wireless Intrusion Prevention WIPing Into Shape

- Major companies pay increased attention to preventing wireless network intrusion.

Driving the Debate on Driver’s Licenses

- Is there any hope of a more secure driver’s license?

A New Perspective on Protecting Personal Data

- A trio of computer scientists at Stanford University is developing a conceptual framework for understanding privacy expectations and their implications using the tenets of a principle called contextual integrity.

New In PlainText

- The CISO Handbook: A Practical Guide To Securing Your Company is written by several Certified Information Systems Security Professionals who have set out to write the ultimate information officer’s handbook.
 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.