Cyber Security Institute

Saturday, June 28, 2008

2008 Security Survey: We’re Spending More, But Data’s No Safer Than Last Year

In the face of growing demand to target security investments based on risk management principles—a domain foreign to many CIOs and infosec practitioners—there’s wisdom to be garnered from our peers.  Zero in on the information security risks facing your company, or you’ll likely find yourself overwhelmed.  That’s the overall message of our 2008 InformationWeek Strategic Security Study, which polled nearly 1,100 IT and business professionals about plans and priorities for securing their companies’ assets.  Getting the money for security isn’t the biggest problem: Fully 95% will see their budgets either hold steady or increase this year.  It’s that the money isn’t making data safer.


Thursday, June 26, 2008

Web firewalls trumping other options as PCI deadline nears

Companies scrambling to comply with a Web application security requirement due to take effect next week appear to be heavily favoring the use of Web firewall technologies over the other options that are available under the mandate, according to analysts.  The mandate from the major credit card companies is the latest adjustment to the Payment Card Industry Data Security Standard (PCI DSS).  Essentially, it requires all entities accepting payment card transactions to implement new security controls for protecting their Web applications.


Monday, June 23, 2008

Security and Business: Financial Basics

You need to find and use the right financial metrics to communicate security’s value to your company.  Here are pros and cons of four: TCO, ROI, EVA and ALE.


Saturday, June 21, 2008

Microsoft targets password stealers

Microsoft updated its Malicious Software Removal Tool (MSRT) on June 10 to detect and remove game password-stealing malware.  As you all probably know by now, this month in MSRT was a very significant release for gamers everywhere with the addition of a variety of password stealers directly targeting online games.  The main offender in this motley crew of badness is Win32/Taterf.


Friday, June 20, 2008

Desktop Virtualization Gets Military-Grade Security

Tresys Technology has released a desktop virtualization platform with a difference: it is designed from the ground up for organizations needing tight security, including military bodies.  Tresys, which has a track record of providing military systems, said its VM Fortress can cut costs for organizations that would like to implement the consolidation programs offered by desktop virtualization but haven’t taken the leap because of security concerns.


Firewall Vendors Look to Automate Policy Changes

For IT staff in global enterprises, adding a new employee is far more involved than finding a desk and a chair for the new hire.  Typically, it means huddling over spreadsheets, muttering to themselves as they figure out what changes to make to access rights and policies while taking into account a labyrinthine array of legal, departmental and compliance rules.  Multiply that scene by thousands of users, spread over different countries, and you have the massive, frequently chaotic process that takes place practically every week in major companies.  In response, firewall vendors are looking to help IT fight back using policy management automation solutions, designed to simplify the task of managing policies and minimize the risk of human error.


81% of corporate PCs lack antivirus, firewall or patches

Sophos has revealed the results of its Endpoint Assessment Test, a free online scanning tool that checks endpoints for security vulnerabilities, defined as missing Microsoft security patches, disabled client firewalls and missing endpoint security software updates.


Threat of an embedded security disaster

For many years, embedded systems have been quietly working behind the scenes of almost all modern technologies, from automobiles to factory floors to space exploration missions.  Just as the early networked desktop PCs and servers were unprepared to address the new security implications of network connectivity, today’s embedded systems present a significant new security concern, which must be addressed immediately and systematically.  Some of the critical security issues presented by modern embedded systems are: Diverse network-connected embedded systems use combinations of custom and COTS software, the details of which are typically known only to the vendor of each embedded device, making vulnerability assessment, risk analysis, and patch management difficult.


Wednesday, June 18, 2008

StoneFly Intros Encrypted IP SAN

StoneFly introduces first high-availability IP SAN with encryption to combat rising tide of data security breaches


Thursday, June 12, 2008

When it comes to data security breaches, the general public doesn’t need to know

When it comes to data security breaches, 78 percent of US IT decision-makers feel that companies do not need to inform the general public; this according to a recent survey by content security specialists Clearswift.  Of the U.S. organizations polled, 19 percent had suffered a data loss in the last 12-18 months, and of those, 50 percent had experienced more than one.


Data thieves get focused (but buyers get sloppy)

Finjan: Commoditization of market driving more targeted attempts.  When it comes to online data theft, credit card numbers and bank account data are so 2007.  Increasingly, thieves are after more-specialized information such as health care data, single sign-on credentials for remote log-in to corporate networks and FTP account data, according to a new report from security vendor Finjan Inc.


Monday, June 09, 2008

PGP Releases Pre-Boot Data Encryption For Mac OS X

While PGP already offers a data encryption solution for the Mac, the latest release adds pre-boot authentication to the Menlo Park-based company’s data encryption offering for Mac’s Tiger and Leopard operating systems.  Specifically, the disk encryption solution aims to protect the entire content of any type of removable media, including laptops, desktops, external drives or USB flash drives, including boot sectors, system and swap files.


Wednesday, June 04, 2008

Gartner Details Real-Time ‘Adaptive’ Security Infrastructure

Gartner Security Summit 2008—What if your network could proactively adapt to threats and the needs of the business?  That’s the vision of the adaptive security infrastructure unveiled by Gartner.  Neil MacDonald, vice president and fellow at Gartner, says this is the security model necessary to accommodate the emergence of multiple perimeters and moving parts on the network, and increasingly advanced threats targeting enterprises.


Secure remote access for Apple iPhone from Check Point

Check Point announced Check Point VPN-1 support for the Apple iPhone, allowing secure remote access to corporate network systems.


New Payment Card Industry compliance solution

Tufin Technologies today announced a new PCI Compliance solution as part of its SecureTrack security operations management product.  It provides a comprehensive PCI-DSS Audit Report for security devices, helping IT security teams meet the standard’s requirements in various control areas from network security and data safety all the way to access control and accountability.


Tuesday, June 03, 2008

Apple releases Mac OS X security guide

Apple released its Security Configuration Guide for Mac OS X 10.5 “Leopard” on Monday, a 240-page document that describes ways for sophisticated Mac users to further secure their systems.


New Google Service Helps Infected Websites Clean Up

The search giant last month quietly added a new, free service called the Safe Browsing Diagnostic Page that tells whether a site flagged by Google as potentially dangerous is hosting malware, or helps distribute malware, for instance.  The idea is to give owners of the compromised Websites more information to assist in their remediation and cleanup of the site, and to provide users more information on why the site has been flagged.  The search giant’s automatic flagging of potentially risky Websites has been “highly accurate,” according to Niels Provos, senior staff engineer for Google, but it wasn’t easy for Webmasters and users to verify the results.