Despite some shortcomings, software-based network access control technology that enforces policies on network endpoints is often the first choice of customers who adopt the technology.
Tim Greene |
13 Nov |
Read more
Whether they're in branch offices or home offices, workers are increasingly telecommuting instead of working in a traditional centralized office environment.
Brad Reed |
23 Oct |
Read more
The annual report from Georgia Tech Information Security Center identifies five evolving cyber security threats, and the news is not good.
John Cox |
16 Oct |
Read more
If there is truly a gray zone in the struggle between online good and evil, anonymous proxy servers live there.
Bill Brenner |
15 Oct |
Read more
The role management software vendor community is relatively young, and as such, Burton Group says there is no clear market leader. Vendors can be categorized into two segments: general purpose solutions and embedded solutions.
Mary Brandel |
09 Sep |
Read more
Role mining and discovery: The ability to collect user access and authorization information from a variety of resources, associate this data with candidate roles and responsibilities, propose alternative roles and leverage decisions made about the data on an ongoing basis.
Mary Brandel |
09 Sep |
Read more
Role management software enables the creation and lifecycle management of enterprise job roles, according to Forrester Research. It does this by discovering and logically grouping application-level, fine-grained authorizations and entitlements into enterprise job roles, which can then be assigned to people by rule-based provisioning or request-approval workflows.
Mary Brandel |
09 Sep |
Read more
The generation gap. It's a term that has been used for decades to describe the differences between people in various age groups. Corporations are constantly considering what makes different generations tick when it comes to recruiting and retaining employees. But security experts say companies also need to examine age-based perspectives and habits when it comes to risk assessment and policies.
Joan Goodchild |
11 Aug |
Read more
If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?"
Jaikumar Vijayan |
29 Jul |
Read more
Think your security staffers are trustworthy? Competent? Knowledgeable? Ask a security professional for horror stories and you might think again.
Lisa Vaas |
23 Jul |
Read more
Remember the old M&M analogy - security is like an M&M candy, hard shell on the outside, soft on the inside. In other words, put up firewalls, built a strong perimeter and you're good to go. Of course, nobody believes that M&M-type security is sufficient in today's world of insider threats, data leakage, mobile workers, thumb drives and sophisticated malware. So, what's the new metaphor? We asked around and came up with a number of interesting and useful ways to think about enterprise security.
Network World staff |
15 Jul |
Read more
Malicious ATM intrusions, such as the late-winter breach that resulted in the compromise of Citibank debit card data, are not at all surprising given the vulnerable state of many of the servers and other components involved in processing such transactions, according to some industry representatives.
Jaikumar Vijayan |
08 Jul |
Read more
When risk is present it calls for treatment, and security is a never-ending process... right? Yes, but as a security professional, it's easy to become focused on the hard problems (download PDF) of security -- falling into the arms race for more, more, more security controls -- and lose sight of the impact of the controls themselves.
Jon Espenschied |
25 Jun |
Read more
Security issues often seem to smolder more than burn, but these six are certainly capable of lighting a fire under IT professionals at a moment's notice. Handle with care.
Ellen Messmer |
06 Jun |
Read more
Theft of laptops and other mobile devices is spiraling, and the consequences -- financial and other -- are getting increasingly dire.
Nestor E. Arellano |
05 Jun |
Read more
Security assessment and deep testing don't require a big budget. Some of most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with.
Jon Espenschied |
28 May |
Read more
Whether you hire outside consultants or do the testing yourself, here are some tips for making sure your time and money are well spent.
Sandra Gittlen |
28 May |
Read more
It takes a lot to shock Chris Goggans; he's been a pen (penetration) tester since 1991, getting paid to break into a wide variety of networks. But he says nothing was as egregious as security lapses in both infrastructure design and patch management at a civilian government agency -- holes that let him hack his way through to a major FBI crime database within a mere six hours.
Sandra Gittlen |
28 May |
Read more
Bookmarking these sites will help you protect your network, comply with government regulations and stay ahead of all the latest threats.
Jon Brodkin |
08 Apr |
Read more
These forward-thinking IT managers are working at dismantling the stereotype of the risk-averse security professional-cum-business foe. How? By showing business colleagues they understand company operations and appreciate corporate goals.
Cara Garretson |
19 Mar |
Read more