In Depth

IT risk management

CW Security Think Tank: How to ensure the success of infosecurity projects

What are the top reasons IT security projects fail, and what are the top reasons they succeed? What should information security professionals do -... Continue Reading
Is the UK in danger of squandering its IT talent?

One of the dangers of the government's Tech City project was illustrated recently with the news that TweetDeck, one of the leading companies in east London's Silicon Roundabout tech cluster, was negotiating its sale to US-based UberMedia for $30m (... Continue Reading
Do UK IT professionals have the skills to help their companies implement cloud computing securely?

Majority opinion is that skills are lacking John Colley MD EMEA, (ISC)2 An overwhelming majority of our members participating in the current edition of the (ISC)2 Global Information Security Workforce study have told us that the answer to this ... Continue Reading
Risk metrics: Measuring the effectiveness of an IT security control

In this article, based on an MSc thesis by Jonathan Pagett and Siaw-Lynn Ng, learn how to use risk metrics to gauge the effectiveness of IT security controls. Continue Reading
Raising the efficacy of a Trusted Platform Module security device

The Trusted Computing Group has set out to make interactions between computing devices more secure: But how effective is the technology it propagates? In this article, Andrew Lee-Thorp discusses the technology's potential limitations. Continue Reading

Threat assessment model: Testing open source software for security

To mitigate the risks of using open source software, Yoav Aner and Carlos Cid propose a new threat modelling method for testing the security of open source software. Continue Reading
How to improve pharmaceutical data management with the TCG TPM

This article analyses various ways in which the Trusted Computing Group's Trusted Platform Module (TPM) could be used to enhance data security for pharmaceutical companies. Continue Reading
Video: Laptops are not waterproof

ComputerWeekly was sent this video from OnTrack, which we thought we'd share. Relaxing on a beach, a gentleman had taken his laptop on his holiday to... Continue Reading
The real cost of PCI DSS compliance

It's difficult to overestimate the impact PCI DSS has had on information security, not least because of the expense of compliance. As part of SearchSecurity.co.UK's Royal Holloway University of London thesis series, Martin Bradley and Alexander ... Continue Reading
Cloud security creates new challenges

Security consultant Heinz Zerbes writes that cloud security creates different challenges, and offers advice on how to meet them. Continue Reading
How to combat Stuxnet

ISSA’s Raj Samani suggests that within control system networks where only known applications run, a simple strategy to combat Stuxnet would be to allow only authorised executables to run and deny everything else. Continue Reading

Stuxnet – the prototype cyber weapon?

Hailed as the most sophisticated malware ever found, Stuxnet is widely seen as a prototype cyber weapon, pushing the concept of cyber warfare into the realm of the possible. Continue Reading
Basic security can help tackle Stuxnet

One important lesson IT managers can learn from Stuxnet is that it is a huge mistake to buy software with known hardcoded passwords, says John Pescatore, research vice-president at Gartner. Continue Reading
Top tips to guard against Stuxnet

There is much that security professionals can learn from Stuxnet, says Adrian Davis, principal research analyst at ISF for the Stuxnet Think Tank. The malware should have sounded a call to action on several fronts. Continue Reading
Security zone: opinions and insights from experienced professionals

Information security has become a mainstream concern with well-established governance and compliance, increasing public awareness and more business processes going online. Security is an integral part of every business process. It must be built into... Continue Reading