How A Security Company Applies Security

By Larry Ketchersid, Chairman and CEO at MediaSourcery

Similar to security assessments, network architecture designs and other projects, a development project, such as this one involves the exchange of confidential data, including in this case, intellectual property designs, requirements documents, test plans, code fragments and road maps. We could have chose to exchange these documents over email, or printed them out and sent them next day parcel post. Instead, we ate our own dogfood and utilized IslandPKI encrypted document and message transfer…

Lest We Forget About Enterprise Security

By Shubhendu Parth, CTO Forum Team

Are CIOs spending less time on supervising what they should be doing the most—strengthening the citadel and securing the digital assets—particularly when corporate wide cyber crimes and espionage have started to show a quantum jump even in developing economies like India? Security may be a key thing that worries CIOs, but there are other things that keep him occupied these days.

Security Assurances are Challenge for CIO’s

From the CTO Forum Team

In an exclusive interview with the CTO Forum, Tom Clare, Sr. Director Product Marketing Blue Coat Systems, cautions CIO’s about the ignorance towards the growing web-based security threats and prescribes simple remedies to prevent from damages.

Optimizing Multiple Enterprise Applications

From the CTO Forum Team

Enterprise applications choke the corporate IT networks, and the blame invariably falls on bandwidth scarcity. Jeff Barker, VP solutions and Technical Marketing at Blue Coat Systems, talks exclusively to Rahul Neel Mani about application optimization and secured delivery.

Strategies for Secure Storage Initiatives

From the CTO Forum Team

As part of their storage security strategy, enterprises must understand the value of such intellectual property in combination with the risk tolerance of the organization before they can address how to appropriately secure it and store it. Moreover, because the value of information changes over its lifetime, so should its storage.

You Know Who’s Tapping Your Cell Phone?

By Greg George, Managing Partner of GTI Advisors

The first recommendation I make to anyone about to discuss sensitive information, remove the battery from your cell phone at every meeting, or leave the damn phone in the car – The protections you think you have doesn’t matter, anything, ANYTHING wireless, can be hacked and monitored, and quite easily…

Wozniak, et al Discuss Ripcord VoIP Security

By Kevin M. Nixon, Information-Security-Resources.com Security Editor

I recently had the opportunity to talk to some of best known innovators of our time, including Steve Wozniak, John McAfee, Alex Fielding, Phil Zimmermann, Jon Callas and Marc Hodosh. They discuss the fatal flaw in VoIP which create the ability to perform warrantless wiretaps and what they have done to lead the industry toward more trusted and secure Cyberspace.

Interviews with Wozniak, McAfee, more…

By Kevin M. Nixon, Information-Security-Resources.com Security Editor

I recently had the opportunity to talk to some of best known innovators of our time, including Steve Wozniak, John McAfee, Alex Fielding, Phil Zimmermann, Jon Callas and Marc Hodosh. They discuss the fatal flaw in VoIP which create the ability to perform warrantless wiretaps and what they have done to lead the industry toward more trusted and secure Cyberspace.

E2E Encryption Prescription Is Bad Medicine

By Kevin M. Nixon, Information-Security-Resources.com Security Editor

Encrypted traffic cannot be analyzed by a firewall unless either decrypted permissively or decrypted forcibly. The same traffic cannot be cleansed of viruses, or worm signatures, or attack characteristics (IIS URL length overflow) until the traffic is decrypted on the host. Clearly, traffic should never hit a multi-purpose operating system until after all of this happens. End-to-end encryption is what we want, but not at the price we’d have to pay. Protection of data during creation, transmission, processing and storage or End-to-End-Defense-in-Depth is what we really want, as it ensures the defense in depth best practices are not lost.

• Categories

  • Anthony M. Freed (26)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (540)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (104)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (592)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (301)
  • Fame Foundry (1)
  • FEATURE ARTICLE (428)
  • Financial (578)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (364)
  • Greg George (5)
  • H1N1 (15)
  • hackers (530)
  • healthcare (125)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (526)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (29)
  • Insider Threat (481)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (62)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (492)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (202)
  • national security (444)
  • PCI (299)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (543)
  • Rachel James (10)
  • reach (2)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (493)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (8)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (14)
  • Tripwire (18)
  • Uncategorized (621)
  • virtualization (92)
  • Webcast (49)

• ISR Headline Index

  • DoS Attack Reveals Widespread Vulnerabilities
  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released
  • Press F1 for Help? Microsoft Zero Day Threat!
  • A Newbie’s Introduction to Digital Forensics
  • Security Best Practice: Trust But Verify…
  • Google, Adobe, and Big Oil Under Attack!
  • Building your OWN Malware Lab (Part 2)
  • How Twitter Spam Steals From Google, Yahoo!
  • Tech Stocks Week in Review Featuring iPad
  • DoD Endorses Certification for Hackers
  • Risk Based Enterprise Compliance Programs
  • Data Loss Prevention Has Jumped the Shark

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs