In Depth
IT risk management
-
Windows XP end of support: What to do next
CIOs may not wish to carry on running a 12-year-old desktop OS, but thousands of incompatible applications leave many with no choice Continue Reading
-
How to tackle big data from a security point of view
Before leaping into big data, companies must be clear what they are trying to achieve, otherwise their investment will be wasted Continue Reading
-
How to find the most vulnerable systems on your internal network
Most corporate networks share common vulnerabilities, but many could be mitigated with education in “hacker thinking” for technical staff Continue Reading
-
Business priorities: what to protect, monitor and test
How information security professionals can prioritise what to protect, monitor and test in the light of current budget and resource constraints Continue Reading
-
How to preserve forensic evidence in the golden hour after a breach
There is a golden hour at the outset where a clear head and good planning can make or break any subsequent forensic investigation Continue Reading
-
CW500: Managing the mobile workforce (part 1)
Mobile working has transformed Colt Telecommunications beyond recognition over the past three years Continue Reading
-
HDFC Bank’s ISO 27004-compliant security metrics a boost toward GRC
An ISO/IEC 27004-compliant metrics program is a rarity in the Indian infosec circuit. Indian BFSI major HDFC Bank’s ISMS has been there, done that Continue Reading
-
Setting up a botnet is easier than you think
Acquiring, installing, configuring and using a powerful data-stealing banking Trojan toolkit is not as difficult as it sounds Continue Reading
-
Best practice in outsourcing security
The issues CIOs must consider in balancing security needs and budgetary constraints Continue Reading
-
Arup Chatterjee
SearchSecurity.in CISO Power List 2012 Profile: Arup Chatterjee, CISO, WNS Global Services. Continue Reading
-
Agnelo D'Souza
SearchSecurity.in CISO Power List 2012 Profile: Agnelo D'Souza, CISO, Kotak Mahindra Bank. Continue Reading
-
Sunil Dhaka
SearchSecurity.in CISO Power List 2012, Profile: Sunil Dhaka, CISO, ICICI Bank. Continue Reading
-
Sameer Ratolikar
SearchSecurity.in CISO Power List 2012: Profile for Sameer Ratolikar, CISO, Bank of India. Continue Reading
-
Pankaj Agrawal
SearchSecurity.in CISO Power List 2012 Profile: Pankaj Agrawal, CISO & Head of Technology Governance, Aircel Continue Reading
-
Buyer's Guide: How to prepare your organisation for IPv6
The switch to IPv6 – on 6 June – shows just how imminent the transition from IPv4 to IPv6 is. Is your organisation ready? Continue Reading
-
When X.509 security certificates fail, servers break
Why are X.509 certificates causing computers to stop dead? Continue Reading
-
The consumerisation of IT: it’s a trickle, not a tide, but you still need to be ready
If media headlines and supplier claims are to be believed, organisations today are faced with an unstoppable tide of many different types of personal device connected to the corporate network Continue Reading
-
The top five SME security challenges
Best practice in IT security and compliance for small and medium-sized enterprises (SMEs) is often seen as a "grudge purchase", but SMEs face the same threat as larger organisations - just without their budgets. Continue Reading
-
Self-encrypting drives: SED the best-kept secret in hard drive encryption security
The SED solves many common data loss problems and is easy to use and manage with minimal impact on system performance – yet relatively few businesses and governments use SEDs. Continue Reading
-
IT and marketing: working together for business success
The IT department builds things that scale and last, while marketing wants the next big thing - and needed it yesterday. How can heads of technology work effectively with marketing? Cliff Saran investigates Continue Reading
-
IPv6: The security risks to business
IT security professionals say the security holes that will open up in many business organisations as the world moves over to internet protocol version six (IPv6) constitute a substantial security concern Continue Reading
-
How to combat advanced persistent threats: APT strategies to protect your organisation
Simple defence strategies will go a long way to preparing businesses for APTs Continue Reading
-
Secure your SCADA architecture by separating networks
Many critical national infrastructure systems include supervisory control and data acquisition (SCADA) functionality. These systems can be viewed as the set of software, computers and networks that provide remote co-ordination of control systems ... Continue Reading
-
EDS report on 'dangerous' Chinook software published for the first time
Computer Weekly is publishing, for the first time, a technical analysis of the software installed on the Chinook Mk2 helicopter, the Chinook model which featured in the RAF's worst peacetime crash. Continue Reading
-
Chinook helicopter disaster - computer software failure or pilot error?
Chinook helicopter crash: was it computer software failure or a cause we'll never know? This article gives the background to the Chinook helicopter disaster with links to all the relevant articles published by ComputerWeekly and other useful web ... Continue Reading
-
Vanderbilt hospital fights archive growth with grid
Vanderbilt University Medical Centre simplifies document management using Bycast's archiving grid system. Continue Reading
-
Checklist for purchasing hardware-based encryption
Encryption appliances sit inline on a network and use specially designed electronics to encrypt data at line speeds, essentially eliminating the performance penalty imposed by encryption software running on a general server. While software-based ... Continue Reading
-
How to select the right IP PBX
Selecting the right IP PBX system for your company can be complicated. Here are some important things to consider when purchasing an IP PBX. Continue Reading
-
Storage session downloads: infrastructure track
This track looks at SAN and NAS issues, virtualization, distance demands, remote offices and how to build out systems. Continue Reading
-
SaaS apps being deployed by business units, not IT
When it comes to deploying applications via SaaS, IT is still behind the curve. What's preventing IT from getting control over the programs business units want? Continue Reading
-
Experts: IDS is here to stay
IDS technology has survived predictions that it would be replaced by IPS. One expert says it will remain a separate product while IPS is folded into firewalls. Continue Reading
-
Backup reporting expands to add capacity planning
Aptare adds capacity planning for primary data storage to its product line, joining Symantec in recent attempts to broaden the appeal of reporting software. Continue Reading
-
VoIP models and services: Complete guide
With clear, concise explanations of existing VoIP business models and deployment methodologies, this guide will enable you to weigh the pros and cons of each based on your needs. Continue Reading
-
Does compliance make encryption always necessary?
Many organisations look to encryption to protect sensitive data. Hundreds of millions of people who use the Internet also use encryption, yet most of them don't even know it. Continue Reading
-
ISO 27001 could bridge the regulatory divide, expert says
Karen Worstell, former CISO at Microsoft and AT&T Wireless, now on the advisory board of Neupart A/S, explains how ISO 27001 can be used to help companies comply with a variety of regulations and standards Continue Reading
-
Data migration product specifications
Part of the Tiered Storage Buying guide focusing on product specifications for data migration tools. Continue Reading
-
Storage Decisions Downloads: Executives' storage guide
Ideas of where firms' storage should be and where it's headed. Also key ways to integrate new technologies, processes and ideas without going over budget. Continue Reading
-
Prevent network hacks with secure Web browsing
Hackers can penetrate your network in almost unlimited ways these days, and that includes through your Web browser. Learn how to improve Web browser security and keep these hackers out of your network. Continue Reading
-
Big Microsoft Vista concerns for Big Pharma
The second installment of an ongoing series examining the challenges of deploying Windows Vista and the considerations that go into the decision to roll out the new OS. Continue Reading
-
Is a merger or acquisition in Sourcefire's future?
Sourcefire founder and Chief Technology Officer Martin Roesch talks about how Sourcefire fits into the Security 3.0 theme and how the firm may be involved in a future merger or acquisition. Continue Reading
-
Why hacking contests, 'month-of' projects don't help
Ivan Arce, chief technology officer of Core Security Technologies, explains why he thinks hacking contests and public vulnerability disclosure projects do little to improve IT security. Continue Reading
-
The Art of Software Security Testing
Identifying software security flaws including the proper methods for examining file formats. Continue Reading
-
Data retrieval strategies: Document management software overview
The role of document management software in data storage and how it can mitigate risk for the enterprise. Continue Reading
-
The man behind the Month of Search Engine Bugs speaks
Ukrainian security researcher Eugene Dokukin, more widely known by his online name MustLive, is about to launch a new "Month-of" flaw disclosure project focusing on search engine bugs, at a time when many security professionals are dismissing such ... Continue Reading
-
Admins run into trouble with Microsoft updates
A DNS service failure and an ongoing WSUS glitch are among this month's frustrations as IT administrators try to deploy the latest security patches from Microsoft. Continue Reading
-
Network access control learning guide
From PDAs to insecure wireless modems, users have myriad options for connecting to -- and infecting -- the network. Created in partnership with our sister site SearchSecurity.com, this guide offers tips and expert advice on network access control. ... Continue Reading
-
ISCSI TCP/IP TOE card specifications
Key specifications for a cross-section of popular iSCSI TOE cards. Continue Reading
-
Storage consolidation: WAN acceleration and WAFS technology overview
One important avenue of storage consolidation is the consolidation of remote office storage; this is where WAN acceleration and WAFS technology come into play. Continue Reading
-
IP storage switch and router specifications
Key specifications for a cross section of popular IP storage switch and router products. Continue Reading
-
Inside MSRC: Windows Vista security update explained
Microsoft's Christopher Budd details the first Windows Vista security updates. Continue Reading
-
When disaster recovery and data classification collide
Attendees at a disaster recovery seminar discussed the complex application dependencies when disaster recovery and data classification combine. Continue Reading
-
Will data breach be the end of TJX?
This week in Security Blog Log: Industry experts say companies can learn from a data breach and even prosper from it. But is TJX following the right example? Continue Reading
-
IT pros eye Windows Server 2003 SP2 with caution
Despite its security and stability enhancements, IT pros say they are in no rush to deploy Windows Server 2003 SP2 Continue Reading
-
Symantec threat report under the microscope
This week in Security Blog Log: Infosec professionals dissect Symantec's latest threat report and express a range of views in the blogosphere. Continue Reading
-
Measuring Vista's true security muscle will take time
Researchers are digging through the Windows Vista code right now, and when they find flaws we'll hear about it. But it's the ones we don't hear about that should keep us up at night. Continue Reading
-
LexisNexis fights crime with storage
The document search company is offering a new data forensics service staffed by former federal agents and powered by commodity NAS. Continue Reading
-
PING with Mark Odiorne
Mark Odiorne, CISO at Scottish Re, provides insights on pen testing procedures, prioritising security for senior management and keeping compliant. Continue Reading
-
RFID dispute: Vendors still hostile toward full disclosure
Many vendors still believe that security by obscurity is the best policy and make it a priority to silence vulnerability researchers. Continue Reading
-
RFID privacy, security should start with design
Companies planning to deploy radio frequency identification technology (RFID) must demand that privacy and security issues are addressed early. Continue Reading
-
Microsoft takes a blogosphere beating over Vista UAC
This week in Security Blog Log: Industry experts take Microsoft to task over a "very severe hole" in the design of Vista's User Account Controls (UAC) feature. Continue Reading
-
Flaws haunt Symantec, IBM, Cisco and IE
Bug Briefs: Security holes plague Symantec Norton products, IBM DB2; Mozilla Firefox; Trend Micro ServerProtect; Cisco IP phones; Google Desktop; IE and Snort. Continue Reading
-
Data breach: If customers don't act, data will remain at risk
To make enterprises take data security seriously, customers must take control of their personally identifiable information and stop handing it out to businesses. Continue Reading
-
New security vendors take on sophisticated attackers
IT Security vendors are developing technologies that show promise in preventing unknown attacks and protecting machines with zero-day vulnerabilities. Continue Reading
-
Vendors: Cut the hype, truth is what sells
Storage virtualisation technologies have been purchased and implemented successfully for years. The rest of the IT infrastructure must try to catch up and, ultimately, the only thing not virtualised within the datacentre will be the last guy ... Continue Reading
-
TJX breach: There's no excuse to skip data encryption
Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses. Continue Reading
-
PatchLink offers solid flaw management
PatchLink Update 6.3 is a solid solution to the enterprise patch management problem and demonstrates its true power in a Windows environment. Continue Reading
-
Inside MSRC: Microsoft updates WSUSSCAN issue
Christopher Budd of the Microsoft Security Response Center is urging customers to deploy the latest versions of the Systems Management Server Inventory Tool for Microsoft Updates or Microsoft Baseline Security Analyzer to receive all the current ... Continue Reading
-
Why don't we have clustered FC block storage?
Is it odd that the industry has made such serious strides toward incorporating clustering concepts in both file-based storage and IP-based storage, but not Fibre Channel storage? Continue Reading
-
Adobe Reader flaws spook security experts
Security experts sound the alarm over Adobe Reader flaws that could be exploited for cross-site scripting attacks and other mayhem. Continue Reading
-
Security pros glean insight from '06
Corporate acquisitions, an abundance of spam, and the White House's take on cybersecurity mark 2006. Continue Reading
-
Storage Outlook '07: Seeking better backups and archives
Tom Becchetti, senior infrastructure engineer for a major national financial services company, says compliance, backup and archiving will be top priorities in 2007. Continue Reading
-
Top client security tips of 2006
A network user without the proper know-how is a ticking time bomb when it comes to security. Check out our top five client hardening tips of 2006 to get a head start on protecting yourself from potentially dangerous users. Continue Reading
-
Top network security tips of 2006
The top Windows networking security tips of 2006 cover a range of topics, including network isolation, open source Windows security tools, VPN security and more. Continue Reading
-
Review: Reconnex's iGuard needs improvements
Reconnex's iGuard is maturing, though it still needs some usability improvements such as wizards, customisable reports and the ability to drill down on the graphs. Continue Reading
-
Review: Deep Security is a solid IPS
Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities. Continue Reading
-
Microsoft Vista could improve Internet security
Two new Microsoft Vista features -- Kernel Patch Protection and User Account Control -- could prove especially useful in preventing serious malware infections. Continue Reading
-
Review: Lancope StealthWatch 5.5 offers more than IDS
Hot Pick: StealthWatch goes far beyond traditional intrusion detection, with powerful network-monitoring features. The optional IDentity-1000 is an essential addition. Continue Reading
-
Hot technologies for 2007
"Storage" magazine's editors reviewed technology developments, product introductions and storage standards to come up with this short list of must-have technologies for 2007. Continue Reading
-
Storage Decisions Session Downloads: Smart Shopper Track (LV 2006)
Very few storage managers have carte blanche when it comes to storage spending. Sessions in our "Smart Shopper track" help managers get the most bang for their storage buck. Continue Reading
-
Storage IPOs, brilliant or brainless
Just when we thought the fast and loose spending of the dot-com bubble was well behind us, a few recent storage company IPOs remind us that we really haven't gotten a lot smarter. Continue Reading
-
Inside MSRC: Visual Studio flaw, tool extensions explained
Christopher Budd of the Microsoft Security Response Center provides detail about a flaw in Visual Studio 2005 and explains that support for Software Update Services 1.0 will be extended. Continue Reading
-
Infrastructure security: Remote access DMZ
An excerpt from Chapter 7: Infrastructure security from "How to Cheat at Managing Information Security," by Mark Osborne. Continue Reading
-
Zero-day tracker a hit, but IT shops need better strategy
This week in Security Blog Log: Reaction to eEye's new zero-day tracker is positive, but some experts say it won't help unless IT shops have a layered defense to start with. Continue Reading
-
Recordless email: magical or menacing?
A new startup promises recordless email. Is this a stroke of genius that will reward the company with billions of Internet bucks, or is it the end of the world as we know it? Continue Reading
-
Security Blog Log: Sailing a sea of spam
This week, bloggers struggle to purge their bloated inboxes. Their experiences lend weight to recent studies showing a breathtaking spike in spam. Continue Reading
-
Security Blog Log: Dissecting Firefox 2.0
This week, bloggers examine the security features of Firefox 2.0 and come away with mixed reviews. Does it fare better than Internet Explorer 7? Continue Reading
-
Review: Arbor Networks' Peakflow X 3.6
Hot Pick: Peakflow isn't cheap and requires an intimate understanding of data flows, applications and network infrastructure. But the investment will pay dividends. Continue Reading
-
Review: Network Intelligence's enVision
enVision offers excellent value and is highly configurable, though typically that means you have to put a lot into it to get the most out of it. Continue Reading
-
Download Advanced Storage Guide Chapter 2: Backup/Data protection (PDF)
A printable version of our Advanced Storage All-In-One Guide. Download Chapter 2: Backup/Data protection in .pdf format now. Continue Reading
-
Nmap Technical Manual
By now, most infosec pros have heard of Nmap, and most would agree that even though the popular freeware tool is invaluable, installing, configuring and running it in the enterprise is no easy task. With that in mind, SearchSecurity.com, in ... Continue Reading
-
Security Blog Log: Taking Google Code Search for a spin
This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security. Continue Reading
-
Inside MSRC: Public vulnerability disclosures on the rise
Even though irresponsible publicly disclosed vulnerabilities seem to be on the rise, Microsoft's Christopher Budd discusses how the software giant was able to quickly release a fix for the recent VML flaw, plus offers best practices on how to make ... Continue Reading
-
School district expels outsourced backup, enrolls CDP
Revere School District dumps tape and outsourced backup, and deploys SonicWall's continuous data protection product. Continue Reading
-
Test your IQ: Business continuity -- ANSWER
This type of plan specifies a means of maintaining essential services at the crisis location. Continue Reading
-
DPM's Diary: 3 October 2006
Monday Continue Reading
-
ZERT rekindles third-party patching debate
This week in Security Blog Log: IT security pros express more reservations about third-party patching, including the CEO of a company that released one a few months ago. Continue Reading
-
PING with Suzanne Hall
In this exclusive interview with Information Security magazine, Suzanne Hall, AARP director of IT operations and security, examines how security professionals can enable telecommuters and mobile workers while keeping their data secure. Continue Reading
-
On privacy laws, every state is one of confusion
It's getting increasingly difficult for US firms to comply with regulations. David A. Meunier feels that it's time to develop safeguards and processes for this ever-changing regulatory environment. Continue Reading
-
NetApp operations chief talks growth
Tom Georgens, executive vice president and general manager at NetApp -- also rumoured to be in the running as next CEO -- discusses what's driving its growth. Continue Reading
-
Storage upstarts are tipping the vendor scales
The big storage vendors are always trying to steal a piece of each other's pie. But some small tech upstarts might play big parts in determining who comes out on top. Continue Reading