In Depth

In Depth

IT risk management

• Best practice in outsourcing security

  The issues CIOs must consider in balancing security needs and budgetary constraints  Continue Reading

• Royal Holloway 2012: An analysis of cloud security certifications

  In his Royal Holloway 2012 thesis, Robert Farrugia analyses cloud security certifications and suggests ways organisations can reduce cloud risks.  Continue Reading

• CW500: The business case for social media

  BT, the Met Office and the Department of Work and Pensions reveal how they are using social media to interact with staff and customers  Continue Reading

• India Inc guns for SIEM tools as maturity, viability drive growth

  SIEM tool adoption in India is rising, spurred by growth in maturity of both SIEMs and organizations. We take a broad status check of the Indian SIEM space.  Continue Reading

• Buyer's Guide: Disclosing security breaches in SMEs

  Protecting regulated data is a big enough headache for many small businesses – now they also need to think about disclosure  Continue Reading

• Infosecurity: The changing landscape

  The role of the chief information security officer (CISO) must adapt as businesses rethink IT security  Continue Reading

• CW500: Everything you need to know about big data in 15 minutes

  Harvey Lewis, research director for Deloitte Analytics, discusses the big trends in big data.  Continue Reading

• Buyer's Guide: Forrester reveals the value of IPv6 to the enterprise

  IPv6 can support a new set of customers and offers the opportunity to generate revenue from digital services  Continue Reading

• Arup Chatterjee

  SearchSecurity.in CISO Power List 2012 Profile: Arup Chatterjee, CISO, WNS Global Services.  Continue Reading

• Burgess Cooper

  SearchSecurity.in CISO Power List 2012 Profile: Burgess Cooper, CISO, Vodafone India.  Continue Reading

• Shobitha Hariharan

  SearchSecurity.in CISO Power List 2012 Profile: Shobitha Hariharan, CISO, Shoppers Stop.  Continue Reading

• Faraz Ahmed

  SearchSecurity.in CISO Power List 2012 Profile: Faraz Ahmed, CISO, Reliance Life.  Continue Reading

• Agnelo D'Souza

  SearchSecurity.in CISO Power List 2012 Profile: Agnelo D‘Souza, CISO, Kotak Mahindra Bank.  Continue Reading

• Sunil Varkey

  SearchSeacurity.in CISO Power List 2012 Profile: Sunil Varkey, CISO, Idea Cellular.  Continue Reading

• Sunil Dhaka

  SearchSecurity.in CISO Power List 2012, Profile: Sunil Dhaka, CISO, ICICI Bank.  Continue Reading

• Vishal Salvi

  SearchSecurity.in CISO Power List 2012, Profile: Vishal Salvi, CISO, HDFC Bank.  Continue Reading

• Subrahmanya Gupta Boda

  SearchSecurity.in CISO Power List, 2012: Profile: Subrahmanya Gupta Boda, CISO, GMR Group.  Continue Reading

• Adapa Raja Vijay Kumar

  SearchSecurity.in CISO Power List 2012 Profile: Adapa Raja Vijay Kumar, VP & Global Information Security Leader, Genpact.  Continue Reading

• Manish Dave

  SearchSecurity.in CISO Power List: Profile: Manish Dave, CISO, Essar Group.  Continue Reading

• Satish Das

  SearchSecurity.in CISO Power List: Profile: Satish Das, CSO and VP (ERM – Enterprise Risk Management), Cognizant.  Continue Reading

• Sameer Ratolikar

  SearchSecurity.in CISO Power List 2012: Profile for Sameer Ratolikar, CISO, Bank of India.  Continue Reading

• Nabankur Sen

  SearchSecurity.in CISO Power List 2012: Profile: Nabankur Sen, CISO, Axis Bank.  Continue Reading

• Pankaj Agrawal

  SearchSecurity.in CISO Power List 2012 Profile: Pankaj Agrawal, CISO & Head of Technology Governance, Aircel  Continue Reading

• How to formulate an effective smartphone security policy

  The mobile revolution offers new ways of working, but what are the challenges and how can they be overcome?  Continue Reading

• nullcon Tritiya’s infosec conference: Day 1 walkthrough

  Join us, as we take a look at the third installment of annual information security conference nullcon 2012.  Continue Reading

• Buyer's Guide: How to prepare your organisation for IPv6

  The switch to IPv6 – on 6 June – shows just how imminent the transition from IPv4 to IPv6 is. Is your organisation ready?  Continue Reading

• Computer Weekly / TechTarget IT priorities survey 2012

  Learn which IT priorities are at the top of UK IT managers lists for 2012. Coverage from across our network includes cloud, budget cuts, networking, security, disaster recovery and more.  Continue Reading

• When X.509 security certificates fail, servers break

  Why are X.509 certificates causing computers to stop dead?  Continue Reading

• Microsoft: Is computing more trustworthy 10 years on?

  Microsoft is marking the 10th anniversary of its Trustworthy Computing group (TwC), but has any significant progress been made since 15 January 2002 when Microsoft chairman Bill Gates sent an email memo to all employees, identifying trustworthy ...  Continue Reading

• Balance security and productivity in consumerisation policy

  The consumerisation of IT and bring-your-own-device (BYOD) programmes have become headline-grabbing issues, but in the rush to be seen to be doing something about it, organisations risk compromising security, warns Rob Bamforth.  Continue Reading

• Security Think Tank: Top five issues in taking a structured approach to security in the cloud

  Last week, experts discussed the need to focus on the basics of security in the cloud. Here, the security think tank expert panel covers a structured approach to cloud computing security.  Continue Reading

• Security Think Tank: What is the most important nut for infosec to crack in 2012?

  What is the most important nut for infosec to crack in 2012?  Continue Reading

• Security Think Tank: Managing security in the cloud

  With cloud computing, as with data breaches, it is a question of “when” not “if”, so what practical steps can information security professionals take to manage security compliance in the cloud?  Continue Reading

• Information security superheroes: are we overlooking the obvious?

  In these dark days of professional, organised cyber crime and state-sponsored cyber espionage, the world of business is looking for a cyber superhero to save the day. But in the quest for a cyber superhero, business is failing, Lois Lane-like, to ...  Continue Reading

• Security Zone: Cloud security concerns -- talk to your cloud vendor

  Inherent security risks restrict many from adopting cloud -- every CIO has questions in mind about security.  Continue Reading

• The security threats of technology ubiquity

  The ubiquity of mobile technology and internet-connected devices present new threats and increase the challenges for IT security managers.  Continue Reading

• Socialisation, social engineering, and securing the enterprise

  What can and should organisations do to convince and empower IT users to play an active part in protecting data?  Continue Reading

• The consumerisation of IT: it’s a trickle, not a tide, but you still need to be ready

  If media headlines and supplier claims are to be believed, organisations today are faced with an unstoppable tide of many different types of personal device connected to the corporate network  Continue Reading

• Professional advice on sharing data responsibility

  Information is the lifeblood of most organisations. It can take one of many forms, such as physical files, digital files or databases. Furthermore, computer systems allow us to keep data almost indefinitely, and as we generate even more every year, ...  Continue Reading

• The top five SME security challenges

  Best practice in IT security and compliance for small and medium-sized enterprises (SMEs) is often seen as a "grudge purchase", but SMEs face the same threat as larger organisations - just without their budgets.  Continue Reading

• CW500: How CIOs are exploiting the cloud

  CIOs from the Guardian, Mitchells & Butlers and Oxfam reveal how they are exploiting cloud computing  Continue Reading

• CISO Power List 2012 Nominations closed

  If you are in the business of securing organizations from all threats (internal and external), it’s time to put in nominations for the CISO Power List 2012.  Continue Reading

• Best practice in datacentre transformation

  At a recent Computer Weekly roundtable, in association with Oracle, IT directors discussed best practices for transforming the datacentre and the challenges of such a project. Lisa Kelly reports  Continue Reading

• Self-encrypting drives: What's holding back SED hard drive encryption security?

  The self-encrypting drive (SED) provides a high level of data security, is invisible to the user, does not affect workflow or performance and cannot be turned off, yet SED technology has been adopted by relatively few organisations – so what's ...  Continue Reading

• Self-encrypting drives: SED the best-kept secret in hard drive encryption security

  The SED solves many common data loss problems and is easy to use and manage with minimal impact on system performance – yet relatively few businesses and governments use SEDs.  Continue Reading

• Buyer's Guide: Choosing the right tool in a changing business intelligence landscape

  Business intelligence should provide business decision-makers with insight, but the definition is changing. The growth in data means it can only be tracked on a quarterly or yearly basis, but business leaders want to make decisions faster.  Continue Reading

• Buyer's Guide: Social networking adds another layer to CRM practices

  As with any new technology, the social network does not push away everything that has gone on before. Companies still receive paper mail, telephone calls, e-mails, web contacts and so on. All social networks do is add to that complexity.  Continue Reading

• The IT Apprentice: How technology internships bring niche skills to industry

  With IT-related GCSE and A-levels numbers falling, and university tuition fees set to rocket next year, the IT sector is preparing alternative IT career paths for young people to enter the industry as apprentices and build niche skills through ...  Continue Reading

• CIO advice: Moving to IT 2.0

  IT needs a rethink. Cliff Saran finds out what IT 2.0 will entail.  Continue Reading

• Tackling the IT security and compliance challenges for SMEs

  SME IT leaders discussed the cyber threat landscape and its impact on small and medium-sized businesses at a Computer Weekly roundtable  Continue Reading

• Telemedicine in the NHS: The benefits and costs of implementing telecare services

  Health professionals agree patients will have to do more home monitoring in the future if the NHS is to cope with an expanding population. But how advanced is the telemedicine market in the UK, and how well is the NHS positioned to implement ...  Continue Reading

• Spotlight profile: Sapior - risk-free data sharing

  Sapior is a provider of web-based services that de-risk the collection, linking and processing of sensitive data. Its on-demand browser-based service allows users to avoid the costs and breach risks of maintaining a central database. The company ...  Continue Reading

• IT and marketing: working together for business success

  The IT department builds things that scale and last, while marketing wants the next big thing - and needed it yesterday. How can heads of technology work effectively with marketing? Cliff Saran investigates  Continue Reading

• IPv6: The security risks to business

  IT security professionals say the security holes that will open up in many business organisations as the world moves over to internet protocol version six (IPv6) constitute a substantial security concern  Continue Reading

• Case study: Co-operative Group cuts costs with desktop virtualisation ahead of office move

  As the Co-operative Group (Co-op) prepares to move into its new head office in September 2012, the firm's IT team is on track to virtualise up to 3,500 desktops and merge some departments to drive cost savings.  Continue Reading

• CW500: The future of retail IT

  Bricks and mortar retailers may be struggling in the downturn, but online retailing is booming.  Continue Reading

• Buyer's Guide to VDI: How to mitigate latency and data security issues for mobile users

  Thin-client computing from green screens to tablets Thin client challenges: Latency and energy savings Mitigate data security risk among mobile users Stream data and applications kept in the datacentre Server-based computing offers variety of data ...  Continue Reading

• How to combat advanced persistent threats: APT strategies to protect your organisation

  Simple defence strategies will go a long way to preparing businesses for APTs  Continue Reading

• Will businesses opt for SaaS in next ERP lifecycle?

  As companies weigh up options for enterprise resource planning (ERP) replacement in the current upgrade cycle, should businesses opt for SaaS-based or on-premise ERP? Jenny Williams reports  Continue Reading

• Security Think Tank: How can businesses measure the effectiveness of their IT security teams?

  How can businesses measure the effectiveness of their IT security teams to ensure they are getting value? Make sure security information is available...  Continue Reading

• The business value of balancing openness with security to manage risk

  The risks to businesses of using social media is a hot topic, but it is indicative of a much broader challenge that is facing not only business, but also government, publishers and regulators, in how to balance openness and collaboration with ...  Continue Reading

• Case study: Combining PCI DSS Compliance with Unprecedented IT System Analysis Capabilities

  Like it does with most organisations who must comply, the Payment Card Industry Data Security Standard (PCI DSS) triggered a review of how Ventura, one of the UK’s largest customer management outsourcers, handled its log and event data. Since ...  Continue Reading

• Ministry of Defence security: IT information assurance in the MoD

  The MoD should update its information assurance policy, argues Paul Shanes and Chez Ciechanowicz in this Royal Hollo2way MSc thesis article.  Continue Reading

• Security Think Tank: What should businesses do to ensure their IT defences resist APTs?

  Security threat reports are increasing, identifying targeted and advanced, persistent threats (APTs) as top priorities for all organisations of all sizes and sectors. The reality of APTs has recently been demonstrated by the successful theft of ...  Continue Reading

• 2011 Royal Holloway information security thesis series

  This series of articles from recent MSc graduates of the Royal Holloway University of London grapples with a variety of information security topics.  Continue Reading

• Can data security be pinned down?

  Every organisation knows that information is one of its most valuable assets; increasingly so does anyone looking to exploit that information for their own ends, be they criminals, ex-employees with a grudge or Wikileaks-style whistleblowers - not ...  Continue Reading

• CW Security Think Tank: What’s holding up the cloud?

  CW Security Think Tank: Are security concerns and a lack of adequate risk assessment tools the reason SMEs are not adopting cloud computing, or is the real reason something else that security professionals are also in a good position to address?  Continue Reading

• Uneasy feeling: Risk management for emerging types of security threats

  Calculating risk is never an exact science, particularly when new threat vectors are constantly emerging.  Continue Reading

• Ranking the global cyberthreat, IT infrastructure risks

  What's the real threat of global cyberwar, and how vulnerable are IT infrastructures?  Continue Reading

• Smartphone risk: Does your corporate smartphone policy stack up?

  Many organisations that allow smartphones to access their networks are woefully under-aware of many of the risks.  Continue Reading

• Quocirca: Where to buy good IT security

  When should buyers rely on what is provided by infrastructure suppliers and when should they turn to IT specialists?  Continue Reading

• Who is responsible for blocking malvertisments?

  In February the London Stock Exchange (LSE) came under scrutiny when an advertisement carried on its website was blamed for distributing a virus.  Continue Reading

• Secure your SCADA architecture by separating networks

  Many critical national infrastructure systems include supervisory control and data acquisition (SCADA) functionality. These systems can be viewed as the set of software, computers and networks that provide remote co-ordination of controls systems ...  Continue Reading

• CW Security Think Tank: How to ensure the success of infosecurity projects

  What are the top reasons IT security projects fail, and what are the top reasons they succeed? What should information security professionals do -...  Continue Reading

• Is the UK in danger of squandering its IT talent?

  One of the dangers of the government's Tech City project was illustrated recently with the news that TweetDeck, one of the leading companies in east London's Silicon Roundabout tech cluster, was negotiating its sale to US-based UberMedia for $30m (...  Continue Reading

• Do UK IT professionals have the skills to help their companies implement cloud computing securely?

  Majority opinion is that skills are lacking John Colley MD EMEA, (ISC)2 An overwhelming majority of our members participating in the current edition of the (ISC)2 Global Information Security Workforce study have told us that the answer to this ...  Continue Reading

• Raising the efficacy of a Trusted Platform Module security device

  The Trusted Computing Group has set out to make interactions between computing devices more secure: But how effective is the technology it propagates? In this article, Andrew Lee-Thorp discusses the technology's potential limitations.  Continue Reading

• Threat assessment model: Testing open source software for security

  To mitigate the risks of using open source software, Yoav Aner and Carlos Cid propose a new threat modelling method for testing the security of open source software.  Continue Reading

• Risk metrics: Measuring the effectiveness of an IT security control

  In this article, based on an MSc thesis by Jonathan Pagett and Siaw-Lynn Ng, learn how to use risk metrics to gauge the effectiveness of IT security controls.  Continue Reading

• How to improve pharmaceutical data management with the TCG TPM

  This article analyses various ways in which the Trusted Computing Group's Trusted Platform Module (TPM) could be used to enhance data security for pharmaceutical companies.  Continue Reading

• Video: Laptops are not waterproof

  ComputerWeekly was sent this video from OnTrack, which we thought we'd share. Relaxing on a beach, a gentleman had taken his laptop on his holiday to...  Continue Reading

• The real cost of PCI DSS compliance

  It's difficult to overestimate the impact PCI DSS has had on information security, not least because of the expense of compliance. As part of SearchSecurity.co.UK's Royal Holloway University of London thesis series, Martin Bradley and Alexander ...  Continue Reading

• Cloud security creates new challenges

  Security consultant Heinz Zerbes writes that cloud security creates different challenges, and offers advice on how to meet them.  Continue Reading

• Top tips to guard against Stuxnet

  There is much that security professionals can learn from Stuxnet, says Adrian Davis, principal research analyst at ISF for the Stuxnet Think Tank. The malware should have sounded a call to action on several fronts.  Continue Reading

• How to combat Stuxnet

  ISSA’s Raj Samani suggests that within control system networks where only known applications run, a simple strategy to combat Stuxnet would be to allow only authorised executables to run and deny everything else.  Continue Reading

• Stuxnet – the prototype cyber weapon?

  Hailed as the most sophisticated malware ever found, Stuxnet is widely seen as a prototype cyber weapon, pushing the concept of cyber warfare into the realm of the possible.  Continue Reading

• Basic security can help tackle Stuxnet

  One important lesson IT managers can learn from Stuxnet is that it is a huge mistake to buy software with known hardcoded passwords, says John Pescatore, research vice-president at Gartner.  Continue Reading

• Security zone: opinions and insights from experienced professionals

  Information security has become a mainstream concern with well-established governance and compliance, increasing public awareness and more business processes going online. Security is an integral part of every business process. It must be built into...  Continue Reading

• Security Think Tank: What are the risks associated with social-media use, and who owns these risks?

  Is social media a security problem? What are the security risks associated with social-media use, and who owns these risks?  Continue Reading

• How IT departments can manage DIY technology

  Staff in companies are using low-cost accessible technology to connect their customers and innovate. One in three company employees are doing this already, under the radar.  Continue Reading

• Sneaking a smart phone into the enterprise

  Are smart phones connected to the corporate network a good idea?  Continue Reading

• Buyers guide to the connected enterprise: the next decade

  The past decade began with the steady adoption for IP telephony and voice and data convergence. Unified communications appeared a few years later and delivered a framework that supports integrated communications and collaboration applications. This ...  Continue Reading

• CIO interview: BAA checks in IT transformation

  When IT veteran Philip Langsdale joined BAA as chief information officer with a brief of creating a technology strategy to support a £4.8bn capital investment plan, he knew he was not in for a smooth ride.  Continue Reading

• Can information security deliver business value?

  Information security remains a perennial priority for IT leaders.  Continue Reading

• Think Tank: Are firms succeeding in converging operational risk management?

  To what extent are UK organisations succeeding in bringing together enterprise risk management, security, business continuity and regulatory compliance to set better priorities?  Continue Reading

• Wrench in the System: How to reorganise IT projects

  When significant numbers of workers have trouble using a business system, and familiarity breeds only frustration, resentment, and hostility, the common assumption is that more training is needed…  Continue Reading

• Will auditors allow your data to reside in the cloud?

  Do you fear the auditor more or the attacker? A lot of companies fear the auditor more. If you hold data internally, you can show the auditor your controls, but the cloud makes such demonstrations more difficult.  Continue Reading

• Buyers guide: The intrusion prevention market

  Gartner analysts Greg Young and John Pescatore examine where intrusion prevention systems are heading  Continue Reading

• Buyers guide to network security

  For years network security has been seen as central to preventing the undesirable outside world gaining access to corporate networks.  Continue Reading

• Video: Lords slam 'shocking lack of co-operation' on cyber defences

  There is a "shocking lack of co-operation" between the European Union and Nato in defending member states against cyber attacks, a House of Lords committee has found.  Continue Reading