Infosecurity Opinions
Comment: Avoid 'Friend or Foe' Syndrome with your IT Auditor
In a perfect world, the confidence and communication that exist between an organization and its IT security auditor might resemble the doctor–patient relationship. But when Philip Lieberman examines this critical aspect of IT security, he finds an increasingly troubled history – and makes some suggestions about how both sides can gain more from the partnership.
Comment: Companies Lose Encryption Keys – and Security – in the Amazon Cloud
Jeff Hudson of Venafi discusses the importance of proper education and best practices for protecting SSL and SSH keys that secure the cloud
Comment: Encryption Vendors May Be the Weakest Link
Infosec analyst Matthew Pascucci examines the security incidents that have plagued encryption and authentication vendors this past year and calls on them to beef up their own in-house security, or face the possibility of sanctions
Comment: Security Has Become a Black and White Issue
As cyber-attacks become increasingly sophisticated, Bimal Parmar of Faronics argues that organizations can no longer rely solely on traditional blacklist technologies, but must adopt a layered approach to endpoint security
Comment: Password Reuse Equals Misuse
A recent survey by Swivel Secure shows that 55% of people use the same password, or variations of one, to access all their online activities. Chris Russell examines the corporate risks of password reuse and emphasizes the need for multifactor authentication for accessing business-critical data
Comment: Cyber-gang Crackdown Cripples Malware Traffic…for Now
This past summer’s FBI-coordinated crackdown on computer scareware companies virtually shut the fake security software business down, but without tough, diverse preventative solutions, Enigma Software's Alvin Estevez says it might amount to nothing more than cutting off the head of a hydra
Comment: Implement Comprehensive Mobile Security – Today
Mobility and consumerization mean that the landscape of the corporate IT estate is changing in ways that are making new demands of security professionals. Dave Everitt of Absolute Software explains why a multi-tiered security strategy is essential to overcome increased threats
Comment: It’s Time to Take APTs Seriously
Ross Brewer of LogRhythm explores the danger posed by advanced persistent threats, the rash of high-profile data breaches that have been making headlines this year, and the steps organizations should be taking to protect IT assets
Comment: Network Forensics – Beyond Activity Monitoring
Network activity monitoring can alert a company to a security breach or an attack, but Jay Botelho of WildPackets points out that a network forensics solution can take network monitoring a step further and use this information to prevent future attacks
Comment: Tackling Data Protection Concerns on Public Cloud Services
To ensure the highest security and compliance standards are met in the cloud, organizations need to adopt a data-centric approach that focuses on protecting data throughout its lifecycle, argues Mike Smart of SafeNet.
Comment: Privacy, Trust and Identity in the Cloud
The cloud provides many services that are used by individuals to network, and to buy services. ISACA’s Mike Small explores how this has created new challenges relating to identity, privacy and trust
Comment: We All Need to Keep Closer Tabs on Financial Data
Mohan Koo, managing director of Dtex Systems, explains how recent data breaches show that organizations are focusing on external security while neglecting insider threats
Comment: Power to the People to Secure Consumerized Devices
How should you deliver security to the personal devices your users want to use for work? Simple – give the users some responsibility. Terry Greer-King of Check Point explains
Comment: Intelligent Network Forensics – Peeling Back the Onion
Dealing with a true ‘targeted’ attack or ‘advanced persistent threat’ (APT) is a process, not an event, and it includes a discovery phase, an investigation phase, and a remediation phase. The objective is being able to see, study, and stop the threats that are flowing over networks, says Kurt Bertone of Fidelis Security Systems
Comment: The SSL Offload Dilemma
Nathan Pearce of F5 Networks discusses why more organizations are reviewing their security in the wake of recent breaches, how raised security arrangements will inevitably put strain on servers, and the need to take action.
Comment: EU Data Breach Notification Law is a Start, but Not Enough
In the wake of the announcement that companies in the EU will have to disclose data breaches, Thales’ Steve Brunswick suggests the imposition of fines would improve information security standards
Comment: Phone Hacking – Scandal, Spyware and Trust
Gareth Maclachlan, founder and COO of AdaptiveMobile, discusses the issue of mobile malware and explores why mobile operators need to enhance their security practices to ensure subscribers are protected from the increasingly sophisticated range of mobile threats
Comment: Physical Security in a Digital World
While most managed services providers can provide excellent levels of digital security, servers still exist in the real world and this is often where they are at their most vulnerable. Simon Neal, COO at The Bunker, outlines why some measures and human processes should be implemented to guard against physical threats
Comment: Don't Forget Your Password (Security)
Idan Shoham of Hitachi ID Systems explores today’s authentication methods and why password security is still relevant in today’s environment
Comment: Securing Mobile Commerce from Start to Finish
With the rise of mobile commerce comes increased responsibility for retailers to ensure they have the necessary systems in place to protect customer data, writes Verizon Business’ David Tran.