Application Security — Features

It's the Information, Stupid

Over the past several years there have been changes in the business environment, causing fundamental alterations in how security organizations operate to protect the enterprises for which they have responsibility.

Jason Stradley | 04 Jun | Read more

Virtualization security: protecting unique IP

Moving to a nearly fully-virtualized infrastructure in 2008 made Joel Braverman a lot more confident in both the physical and digital IT infrastructure at his (relatively new) employer Universal Audio. As manager of IT and the guy responsible for security on that infrastructure-one that supports a company whose products are both expensive and almost entirely digital-it also made him extremely nervous, he says.

Kevin Fogarty | 04 Jun | Read more

Steps for achieving proper mobile security governance

Advanced mobile devices--iPhone, BlackBerry and other handhelds--have created a growing wireless mobility environment for business, personal communication and entertainment. However, their growing use has also led to a faster increase in the depth and breadth of mobile security threats. Using a mobile device to access corporate information systems can potentially create a hole to corporate security if not protected and used properly. In a recent report from CSI, the theft or loss of corporate proprietary and customer information by mobile devices is nearly half of all sources. <a href="http://www.csoonline.com/article/217082">Data breaches</a> are real to nearly every organization of virtually any size, from the big multinational corporation to the small to medium business, including device loss, theft, misuse, and unauthorized access to corporate network and data disclosure.

Robert Zhang | 28 May | Read more

Accountability in enterprise wireless deployments

As the need for mobility has grown in the enterprise, so have the security risks. While solutions have been developed to address specific security problems, there needs to be a holistic approach to WLAN security that leverages the security infrastructure of the wireline enterprise network.

Sunil Cherian | 15 May | Read more

Information systems audit: the basics

In the early days of computers, many people were suspicious of their ability to replace human beings performing complex tasks. The first business software applications were mostly in the domain of finance and accounting. The numbers from paper statements and receipts were entered into the computer, which would perform calculations and create reports. Computers were audited using sampling techniques. An auditor would collect the original paper statements and receipts, manually perform the calculations used to create each report, and compare the results of the manual calculation with those generated by the computer. In the early days, accountants would often find programming errors, and these were computer audit findings.

Jennifer Bayuk | 18 May | Read more

Google FAIL and the Fog Over Cloud Security

Late last year, when I interviewed Google Apps senior security manager Eran Feigenbaum and his marketing partner, Adam Swidler, they talked up Google's place in cloud computing and how it was in a prime position to make a difference with cloud security.

Bill Brenner | 20 May | Read more

Antivirus Test: A Quest for Nearly Objective Rankings

<i>Editor's Note: Chaz Sowers wants reliable, indepedently tested antivirus software with few false positives. But what really constitutes an "independent" test? Unsatisfied with lab ratings, he built his own malware testbed and put 35 AV products through the paces. Here is the story behind one man's AV rankings; your results may vary.</i>

Chaz Sowers | 21 May | Read more

How to get PCI DSS compliance right

The road to becoming Payment Card Industry Data Security Standard (PCI DSS) compliant can be a long one, so here we give you the Security Standards Council's Prioritised Approach of six milestones to help your organisation start your journey.

CIO Staff | 21 May | Read more

Server Virtualization: Top Five Security Concerns

In surveys of senior-level IT managers, security is consistently one of the top five concerns, along, specifically, with security related to the hot technology of the moment. Most recently those worries have included social-networking technologies such as Twitter and Facebook and other outlets through which employees could turn loose company confidential data. But the security of virtual servers and virtualized infrastructures also rank near the top of the list-and rightly so, according to analysts.

Kevin Fogarty | 14 May | Read more