In Depth

In Depth

IT risk management

• Risk metrics: Measuring the effectiveness of an IT security control

  In this article, based on an MSc thesis by Jonathan Pagett and Siaw-Lynn Ng, learn how to use risk metrics to gauge the effectiveness of IT security controls.  Continue Reading

• Raising the efficacy of a Trusted Platform Module security device

  The Trusted Computing Group has set out to make interactions between computing devices more secure: But how effective is the technology it propagates? In this article, Andrew Lee-Thorp discusses the technology's potential limitations.  Continue Reading

• Threat assessment model: Testing open source software for security

  To mitigate the risks of using open source software, Yoav Aner and Carlos Cid propose a new threat modelling method for testing the security of open source software.  Continue Reading

• How to improve pharmaceutical data management with the TCG TPM

  This article analyses various ways in which the Trusted Computing Group's Trusted Platform Module (TPM) could be used to enhance data security for pharmaceutical companies.  Continue Reading

• Video: Laptops are not waterproof

  ComputerWeekly was sent this video from OnTrack, which we thought we'd share. Relaxing on a beach, a gentleman had taken his laptop on his holiday to...  Continue Reading

• The real cost of PCI DSS compliance

  It's difficult to overestimate the impact PCI DSS has had on information security, not least because of the expense of compliance. As part of SearchSecurity.co.UK's Royal Holloway University of London thesis series, Martin Bradley and Alexander ...  Continue Reading

• Cloud security creates new challenges

  Security consultant Heinz Zerbes writes that cloud security creates different challenges, and offers advice on how to meet them.  Continue Reading

• How to combat Stuxnet

  ISSA’s Raj Samani suggests that within control system networks where only known applications run, a simple strategy to combat Stuxnet would be to allow only authorised executables to run and deny everything else.  Continue Reading

• Stuxnet – the prototype cyber weapon?

  Hailed as the most sophisticated malware ever found, Stuxnet is widely seen as a prototype cyber weapon, pushing the concept of cyber warfare into the realm of the possible.  Continue Reading

• Basic security can help tackle Stuxnet

  One important lesson IT managers can learn from Stuxnet is that it is a huge mistake to buy software with known hardcoded passwords, says John Pescatore, research vice-president at Gartner.  Continue Reading

• Top tips to guard against Stuxnet

  There is much that security professionals can learn from Stuxnet, says Adrian Davis, principal research analyst at ISF for the Stuxnet Think Tank. The malware should have sounded a call to action on several fronts.  Continue Reading

• Security zone: opinions and insights from experienced professionals

  Information security has become a mainstream concern with well-established governance and compliance, increasing public awareness and more business processes going online. Security is an integral part of every business process. It must be built into...  Continue Reading

• Security Think Tank: What are the risks associated with social-media use, and who owns these risks?

  Is social media a security problem? What are the security risks associated with social-media use, and who owns these risks?  Continue Reading

• How IT departments can manage DIY technology

  Staff in companies are using low-cost accessible technology to connect their customers and innovate. One in three company employees are doing this already, under the radar.  Continue Reading

• Sneaking a smart phone into the enterprise

  Are smart phones connected to the corporate network a good idea?  Continue Reading