Site Map - IT

Business PC Risk

- Thirteen percent of corporate PCs have had unauthorized USB devices attached to them, creating a risk of data loss and of malware entering the corporate system.

Data Disaster?

- One-third of IT professionals believe that a major data breach could put their company out of business.

Crooks Zero in on Valuable Data

- Zero-day attacks - the name given to exploits of vulnerabilities for which no patch is available - are the bêtes noires of IT security. Unfortunately, discoveries of not-yet-patchable vulnerabilities are on the rise, raising the specter of more zero-day exploits. Learn more about zero-day attacks and what you can do to combat them here.

Security and Outsourcing: Negotiate Early

- As a growing number of U.S. companies outsource software creation and data-handling functions to service providers located in other countries, the issue of data protection has gained prominence. One concern is that 'backdoors' could be inserted in code for later use and that personal financial data could be stolen.

Data Mining

- A bill (S. 236) introduced by Sen. Russ Feingold (D-WI) that would monitor government use of data mining has been approved by the Senate Judiciary Committee.

International

- A survey of 300 office workers and IT professionals by Infosecurity Europe found that 64 percent were prepared to give away their passwords in exchange for a smile and a chocolate bar; 29 percent of those surveyed admitted knowing a coworker's password.

IT Security

- How protected from data leakage is your business? A survey of IT decision makers found that 60 percent of companies lost confidential data in the last year; 33 percent believe it could put them out of business.

The Heavy Burden of IT Infrastructure Upgrades

- See what the GAO has to say about the Immigration and Customs Enforcement (ICE) effort to modernize its information technology infrastructure. The GAO's overriding critique: "[T]he program has not fully achieved many performance goals that it set out to accomplish over the past year."

Piracy

- For every two dollars' worth of software purchased legally in 2006, one dollar's worth was stolen, according to a new piracy study by BSA and IDC.

Testing IT Plans

- Contingency and computer-security emergency-response plans must be kept in a state of readiness. Three key components of readiness are tests that ensure that the plan will work as described; training that informs personnel of their roles and responsibilities vis-a-vis the plan; and exercises that simulate an emergency to test the plan's viability. The National Institute of Standards and Technology has created an in-depth guide to tests, training, and exercise programs as they relate to IT plans. The guide includes checklists as well as detailed sample objectives and scenarios. Read the guide: Test, Training, and Exercise Programs for IT Plans and Capabilities.

Identity Theft

- The Department of the Treasury, along with several other agencies, has issued a proposed rule that will require financial institutions and creditors to establish a program to reduce identity theft.

Insights on Internet Investigations

- The National Institute of Justice has issued another in its series of reports on investigating high-tech crimes. It provides guidance on such issues as tracing an Internet address to its source. It also looks at specifics with regard to various issues such as Web site capture tools and Web archiving sites that may help an investigator determine the content of a site at the time the crime was committed. It likewise discusses the unique concerns involved in investigations of instant messaging (IM), chat rooms, and Internet Relay Chat. It notes, for example, "Service providers are not required to retain IP address information. Therefore, when an IM program is involved, time is of the essence." Read the complete report.

Who's Who and What's Where

- (ISC)2, a nonprofit involved in educating and certifying information security professionals, has issued its '2007 Resource Guide for Today's Information Security Professional, Global Edition.' The 126-page almanac is available free from the Web site. It lists information about security-focused professional associations, conferences and trade shows, Web sites, online and print publications, and educational institutions in North, Central, and South America and the Europe/Middle East/Africa and Asia-Pacific regions. Read the resource guide.
 



