By Andy Land  Sharing personal information is central to the way people live, work and do business with each other today. And it’s only going to become more so, as the Identity Economy emerges to establish a new paradigm for commercial interactions. This raises a number of interesting questions and ... Apr. 7, 2013 03:00 PM EDT Reads: 1,710 |
By Dana Gardner  Associated Surgeons and Physicians, LLC in Indiana went from zero to 100 percent virtualized infrastructure and as a result, met many compliance and efficiency goals.
In part one of a two-part interview series, we discuss how a mid-market health services provider rapidly adopted serve... Mar. 28, 2013 11:00 AM EDT Reads: 1,838 |
By Alon Israely  Big Data – a large amount of information that comes in a variety of forms and constantly changes – has generated a significant amount of buzz in the business world, mostly around the implications for marketing. But there’s little attention paid to its potential impact on risk managemen... Mar. 13, 2013 10:00 AM EDT Reads: 1,762 |
By Vadim Lander  Identity management just isn’t what it used to be. Gone are the days when knowing who had access to what was simply enough. In today’s world of increasing government and industry regulation; networked communications and collaboration; and pervasive mobility, the requirements have funda... Feb. 21, 2013 06:00 AM EST Reads: 3,762 |
By Rich Barger  While recently researching a known threat group within ThreatConnect.com, we identified several interesting observables associated with targets of a single Chinese-based Advanced Persistent Threat (APT) group. Over the course of seven days, we watched the adversary tailor their comman... Jan. 14, 2013 06:15 AM EST Reads: 1,256 |
By Jay O'Donnell  Evolving regulatory compliance requirements can be a major headache for the IT teams responsible for identity and access management (IAM). Sarbanes Oxley, the wide range of privacy regulations and other federal requirements, have transformed IAM from a problem that keeps the chief info... Dec. 27, 2012 06:11 AM EST Reads: 3,004 |
By James H. Wong  Designing and implementing a hybrid encryption application is a big challenge but without a supporting infrastructure it’s almost impossible. There are open source libraries that allow you to encrypt a file but only provide the translation technique. After the information has been encr... Dec. 9, 2012 04:00 PM EST Reads: 3,475 |
By Steve Jordan  PCI compliance is an absolute must for any commercial entity that is selling products or services over the Internet. It is bound up with the very strict lawful requirements, but there are many other very elementary consumer-based reasons to employ it. Not least of these is the concept ... Nov. 27, 2012 08:30 AM EST Reads: 1,910 |
By Jeremy Geelan  With Cloud Expo 2012 Silicon Valley (11th Cloud Expo) due to open in just under three weeks' time at the Santa Clara Convention Center, CA, let's introduce you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical program at the West Coa... Oct. 19, 2012 12:15 AM EDT Reads: 15,622 |
By Richard Minney  Don’t you just love spending millions of dollars to license a commercial ERP package? And then I bet you feel warm and fuzzy about hiring a bus-load of expensive consultants to come and tell you how to run your own business, following so-called ‘best practices’ built into an inflexible... Oct. 4, 2012 07:00 AM EDT Reads: 3,707 |
By Derek Kol  Local and off-site Backup Combination. It's a best practice to have a combination of local and off-site backup. Typically you want to keep large files, like databases and system state file backups on-site. This enables a quick recovery of the latest version of these files and reduces d... Oct. 2, 2012 02:17 PM EDT Reads: 776 |
By John Weinschenk  Is your business creating a mobile app? It’s all the rage, of course. Ninety-one percent of the top 100 brands have branded apps out according to a report by mobile analytics firm Distimo last October. Symantec just announced new research that says 53% of North American companies are m... Jun. 27, 2012 12:45 PM EDT Reads: 1,858 |
By David Canellos TORONTO – June 12, 2012 – PerspecSys Inc., the leader in cloud data protection solutions for the enterprise, today announced it has become a Corporate Member of the Cloud Security Alliance (CSA). The CSA is a not-for-profit organization with a mission to promote the us... Jun. 12, 2012 08:35 AM EDT Reads: 1,555 |
By Lacey Thoms  Today’s software development is geared more towards building upon previous work and less about reinventing content from scratch. Resourceful software development organizations and developers use a combination of previously created code, commercial software, open source software, and th... May. 4, 2012 10:00 AM EDT Reads: 4,195 |
By Hongwen Zhang  Advanced malicious content and attacks are starting to threaten conventional network filtering technologies that are not able to keep up with the increased volume and complexity of network traffic. Currently, one in every 14 downloads contains malicious content that may create operatio... Apr. 24, 2012 08:00 AM EDT Reads: 1,917 |
By Jared Day  When we aren’t fighting crime, taking over the world, or enjoying a good book by the fire, we here on the eEye Research team like to participate in the Any Means Possible (AMP) Penetration Testing engagements with our clients. For us, it’s a great way to interact one-on-one with IT fol... Apr. 5, 2012 10:00 AM EDT Reads: 3,952 |
By Ian Thain  Here's a common scenario and one that will become more common with the ever increasing penetration of Tablet Devices in the Enterprise... Your Senior Exec just got their iPad. They love it. They use it everywhere. Literally everywhere! That’s a scary word for anyone involved in securi... Mar. 15, 2012 10:37 AM EDT Reads: 2,030 |
By David Gibson  In most organizations today, there is sensitive data that is overexposed and vulnerable to misuse or theft, leaving IT in an ongoing race to prevent data loss. Packet sniffers, firewalls, virus scanners, and spam filters are doing a good job securing the borders, but what about insider... Mar. 5, 2012 06:00 AM EST Reads: 2,440 |
By Vincent M. Schiavo  Social media, including Facebook, Twitter and LinkedIn, is used extensively by many functional areas in companies today to communicate about and promote their efforts, and to interact with their constituencies. For the marketing department, in particular, social media can help build br... Feb. 7, 2012 06:45 AM EST Reads: 2,926 |
By Juergen Geck  Have to agree that this writer gets it right. At the end of his blog post, he highly recommends everyone take a good look at Google's terms of service.
And, that is more sense than we usually get from people writing about our data service suppliers, such as Apple, Facebook, Google, an... Jan. 29, 2012 10:00 AM EST Reads: 1,931 |
By Gorka Sadowski  We saw what typically happens when trying to use static rule-based log correlation to perform real-time incident management... combinatory explosion and lack of scalability. How do you automate non-deterministic attacks in a few discrete steps???
Today, we'll look at more scenarios fo... Dec. 20, 2011 09:00 AM EST Reads: 4,123 |
By Michael Podszywalow  You’ve spent months fixing the red items on an internal audit report and just passed a regulatory exam. You’ve performed a network vulnerability assessment and network pen test within the last year and have fixes in place. You’ve tightened up your information security policy and recent... Nov. 24, 2011 03:00 PM EST Reads: 3,221 |
By David Dodd  The goal of the scanning phase is to learn more information about the target environment and discover openings by interacting with that target environment. This article will look at some of the most useful scanning tools freely available today and how to best use them. During this proc... Oct. 12, 2011 01:00 PM EDT Reads: 3,752 |
By Mahesh K Punjabi  Web applications are vulnerable to a multitude of security attacks. This exposes the underlying businesses and the consumer data wide open to public view. However, for the internet application multiple programming practices need to be followed to prevent such attacks.
This paper details i... Oct. 12, 2011 06:00 AM EDT Reads: 2,959 |
By Marc Chanliau  The recent spike in insider threats, coupled with a rise in compliance considerations, has forced organizations to ensure only authorized users access sensitive application functionality and data. Historically, user entitlements or authorization logic has been embedded inside an applic... Aug. 25, 2011 10:15 AM EDT Reads: 10,590 |
By David Dodd  I will demonstrate how to ARP poison a connection between a Windows 7 and Windows 2008 R2 Server using Cain.
The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server. RDP is ... Jul. 15, 2011 07:30 AM EDT Reads: 6,554 |
By Jeremy Geelan  In the wake of yesterday's FBI seizure of servers, it is interesting to note that one of the industry's most seasoned executives, Abiquo CEO Pete Malcolm, has been anticipating just such an eventuality for a while. In a SYS-CON.tv Power Panel recorded on the eve of Cloud Expo New York,... Jun. 22, 2011 12:00 PM EDT Reads: 4,729 |
By Gorka Sadowski  This week let's review why logs are such a popular and powerful tool when performing forensics, and how to ensure that investigators are working from a clean stream of data.
Logs used in forensics have several distinct advantages.
First, logs can be used not only to solve the IT crim... Jun. 3, 2011 12:11 PM EDT Reads: 2,484 |
By Christos K. Dimitriadis  As enterprises struggle to remain profitable in an ever-changing risk environment, the current economic crisis has elevated the need for effective business risk management. Information security is a key parameter that affects business risk. The academic definition of information securi... Feb. 9, 2011 06:00 AM EST Reads: 5,431 |
By Peter Weger  The WikiLeaks security fiasco has shed a lot of light on document security and its inherent irony: namely that the more confidential a document is, the more it’s likely to be shared.
Web Security Journal reached out to the CEO of Brainloop, Peter Weger, to discuss the notion of so-... Feb. 5, 2011 05:15 AM EST Reads: 3,827 |
By Jim Hare  You may think IT compliance is nothing more than big government sticking its nose into everyone’s business. Compliance equals Big Brother. OK, so there is some truth in that government compliance regulations are a little over the top, and perhaps there are just too many of them that fu... Jan. 26, 2011 07:00 PM EST Reads: 3,395 |
By David Rowe  Users are the weakest link when it comes to information security. Without intending to, they cost more money in security breaches than outside hackers. This is why all regulations require the demonstration of strong access security. But focusing purely on regulatory compliance proofs a... Jan. 12, 2011 12:15 PM EST Reads: 4,387 |
By Nabil Damouny  The x86 architecture has become the CPU of choice not only for network appliances, but also for embedded communication equipment in wireline and wireless networking. As the need to cater to higher-performance networking while supporting security and virtualization becomes more prevalen... Sep. 24, 2010 11:00 AM EDT Reads: 5,325 |
By John Ryan 
According to Intel, the reasons this makes sense are:
Acquisition enables a combination of security software and hardware from one company to ultimately better protect consumers, corporations and governments as billions of devices - and the server and cloud networks that manage ... Aug. 19, 2010 01:15 PM EDT Reads: 9,665 |
By Jeremy Geelan  The draft specification of CloudAudit - an API aimed at providing a common interface and namespace to enable the automated auditing of cloud infrastructures with respect to any number of compliance frameworks - has just been released to the IETF. CloudAudit, according to the draft, pro... Aug. 16, 2010 07:45 AM EDT Reads: 5,143 |
By Marc Fossi  Cybercrime saw significant growth in 2009. It increased in prevalence and geographic spread. The only thing that didn’t grow was the skill level required to participate. It was easier for non-skilled attackers to conduct sophisticated attacks because of the availability of toolkits. Th... Jun. 7, 2010 11:15 AM EDT Reads: 3,598 |
By Joe Austin  Data is the lifeblood of any organization and, in the last decade, increasing emphasis has been placed on protecting that data so organizations can recover the information that they need in the time frame they need it. Replication is now rapidly emerging as a viable form of data protec... Jan. 13, 2010 12:00 PM EST Reads: 8,788 |
By Ibrahim Haddad  This article discusses Open Source compliance and the challenges faced when establishing a compliance program, provides an overview of best practices, and offers recommendations on how to deal with compliance inquiries. Jan. 10, 2010 02:00 PM EST Reads: 10,699 Replies: 1 |
By Scott Morrison  The CSA domain structure–even without the benefits of the guidance–at least serves as a concrete reminder of what’s behind the slogan.
Have a close look at the guidance. Read it; think about it; disagree with it; change it–but in the end, make it your own. Then share your experienc... Dec. 25, 2009 12:45 PM EST Reads: 3,946 |
By Rizwan Ahmed  Modern inter-networked software architecture created for today’s “on-demand” business needs have fundamentally increased the susceptibility of applications and, more important, data to security-related attacks and compromises. The rapidly changing environment: increased data breach/los... Dec. 21, 2009 01:15 PM EST Reads: 9,698 Replies: 1 |