Vendor alliance wants PCI certification program Debuting this week at RSA, the Payment Card Industry Security Vendor Alliance will provide guidance to the industry and hopes to ultimately get a PCI certification program off the ground. Intrusion detection systems are alive and kicking IPS hasn't overtaken intrusion detection systems just yet. Senior News Writer Bill Brenner reveals what customers want when they're shopping for IDS products. Pitfalls aplenty going SOA A service-oriented architecture's efficiency has often been more of a priority than SOA security. Vendors, however, are compensating with new Web services security features. Web apps remain a trouble spot Contributor George Hulme examines how cross-site scripting and code injection have become even bigger development issues than buffer overflows. Spam, phishing, IM attacks rise Malicious attacks using social engineering techniques are on the rise. While botnets may finally be forcing ISPs into the battle, enterprise security pros are working overtime on strategies to keep the threats at bay. Going Wi-Fi? Go safely Today's security professionals are forced to balance the convenience that wireless technology offers with the need to enforce a solid security policy. When physical and logical security converge For an enterprise to protect itself from today's internal and external threats, more companies are considering security programs that integrate both physical and logical security. Flurry of state disclosure laws creates confusion for CISOs Now that nearly three dozen states have enacted breach disclosure laws, national companies face the challenge of reconciling a vast array of guidelines and their implications. CISOs mastering 'softer' skills Learn why a mix of interpersonal skills have to be blended with knowledge of business administration to create a well-rounded leader. A new awareness for SIMs Experts say the use of security information and event management systems can not only give organizations overall visibility into their network security and improve their incident response, but also meet compliance demands. Developing an application security mind-set Baking security into applications can be a difficult process, but experts believe developing an application security mind-set can help create more secure software systems. FFIEC, HSPD-12 fuel growth in authentication market Enterprises aren't the only ones who have had to deal with regulations like FFIEC and HSPD-12. The vendor community has adjusted by offering cost-effective and unobtrusive authentication products, primarily focused on financial institutions. |