Infosecurity Opinions
Comment: Governance is Key to Managing Cloud Risk
Adopting cloud computing can save money, but good governance is needed to manage the risks, says analyst Mike Small
Comment: Piracy the Real Winner in War Against SOPA
Not all provisions written in the original draft of SOPA were as bad as hype suggested; claims of it fueling Internet censorship are grossly exaggerated if you read its core provisions. Piracy is a multi-billion dollar problem that needs federal intervention, says GuardTime’s Mike Gault
Comment: Make PCI DSS Part of Your Security Strategy
Jeremy King, European director of the PCI Security Standards Council, describes how recent figures from the UK Cards Association showed PCI has been successful in decreasing the volume of card and bank account fraud
Comment: APT Tops Security Risks to Corporate IP in 2012
Verdasys’ Bill Ledingham shares his insights on advanced persistent threats (APT) and offers steps companies can take to increase their cybersecurity
Comment: Information Assurance as a Flexible Security Solution
Chris Mayers of Citrix UK outlines how the public sector can meet confidentiality, integrity and availability requirements in the face of ongoing regulatory and technological change
Comment: Information management policies must address risk of human error
Christian Toon, head of Information Security at Iron Mountain Europe, considers the growing number of avoidable data breaches that involve paper documents and advises businesses how to minimize these risks by getting to grips with information handling, management, storage and secure destruction.
Comment: It’s Time for Smartphone Security
As the mobile market grows, so does mobile malware. Don DeBolt, director of threat research at internet security company Total Defense, discusses how IT practitioners and company employees can best stay safe by protecting themselves from mobile hacks, privacy concerns and more in a day and age when mobile malware is on the rise
Comment: Data Governance Must Evolve to Meet Growing Insider Threat
Insider-driven data leaks are in the news every day, and unstructured data provides the biggest challenge for IT to secure and manage. Brian Vecci of Varonis Systems highlights key steps that organizations can take to measure and improve their data governance, and reduce data loss from insiders
Comment: Get Your Money's Worth from PCI Pen Testing
Orthus’ chief executive, Richard Hollis, says the responsibility for a comprehensive PCI pen test rests with the client – and it’s demands. Otherwise, your pen test could end up being worthless…
Comment: Two-factor Authentication – World of the Token Necklace
SecurEnvoy’s Andy Kemshall looks at the rise of two-factor authentication and why SMS-based technology is the key to strengthening vulnerable virtual applications and access points
Comment: The Hard Cost of Misunderstanding Least Privilege
John Mutch and Brian Anderson unravel the common misunderstandings about privileged access that prevent organizations from better protecting their network perimeter from the risk of insider threat and negligence
Comment: Where the CISO Should Sit
The CISO position is making a comeback, but if not strategically positioned in an organization, it can become a powerless figurehead – competing for mindshare and budget with other “functional” operations. Ed Adams of Security Innovation points out why a CISO can be far more effective if reporting to the CEO (or highest ranking risk officer) instead of the CIO
Comment: Breaching Its Way through Congress – The SAFE Data Act
Richard Moulds of Thales discusses the merits of the SAFE Data Act as it makes its way through the US Congress
Comment: Myths Plague Perceptions of Mobile Malware
Trusteer’s Amit Klein takes a closer look at mobile malware, exploding the myths and dispelling the fantasies
Comment: New EU e-Privacy Legislation – Why You Should Act Now
George Thompson of KPMG IT Advisory explains why companies should act now in response to new e-privacy legislation, and the organizational and technical steps to consider
Comment: Avoid 'Friend or Foe' Syndrome with your IT Auditor
In a perfect world, the confidence and communication that exist between an organization and its IT security auditor might resemble the doctor–patient relationship. But when Philip Lieberman examines this critical aspect of IT security, he finds an increasingly troubled history – and makes some suggestions about how both sides can gain more from the partnership.
Comment: Companies Lose Encryption Keys – and Security – in the Amazon Cloud
Jeff Hudson of Venafi discusses the importance of proper education and best practices for protecting SSL and SSH keys that secure the cloud
Comment: Encryption Vendors May Be the Weakest Link
Infosec analyst Matthew Pascucci examines the security incidents that have plagued encryption and authentication vendors this past year and calls on them to beef up their own in-house security, or face the possibility of sanctions
Comment: Security Has Become a Black and White Issue
As cyber-attacks become increasingly sophisticated, Bimal Parmar of Faronics argues that organizations can no longer rely solely on traditional blacklist technologies, but must adopt a layered approach to endpoint security
Comment: Password Reuse Equals Misuse
A recent survey by Swivel Secure shows that 55% of people use the same password, or variations of one, to access all their online activities. Chris Russell examines the corporate risks of password reuse and emphasizes the need for multifactor authentication for accessing business critical data