Opinion

Opinion

IT security

• Why trust is a big deal for UK companies

  The Technology Strategy Board is working with businesses across the ICT sector to ensure they are developing secure information assurance products.  Continue Reading

• What identity management strategies should enterprises deploy for cloud environments?

  The identity management strategies enterprises should be deploying to ensure they meet the security challenges of an increasingly connected and cloud-based business environment.  Continue Reading

• Online monitoring: An undemocratic move for Internet control

  Infosec expert Dinesh Bareja speaks about the Indian government’s directive to Telco’s to monitor Internet traffic in the country.  Continue Reading

• The SME security challenge

  Over the years, research findings have consistently demonstrated widespread exposure to risk when it comes to data protection and security among smaller businesses, writes Dale Vile, managing director of Freeform Dynamics.  Continue Reading

• Security Think Tank: Measuring security maturity in the supply chain

  Experts provide valuable advice on how organisations can measure the security maturity in their supply chains and apply the results to improve their overall security posture.  Continue Reading

• Security Zone: Utilising a dedicated network test team to enhance security and reduce vulnerability

  In recent times we have witnessed multiple successful attacks on the network and infrastructure at various large organisations, writes Mugdha Raje, member of the Ethernet Testing and Certification group at AT&T Labs.  Continue Reading

• Opinion: Evolution of incident response

  During the internet's infancy, threats generally targeted a large, random audience. "Script kiddies" and "crackers" were the main culprits and their motivation stemmed from boredom to their need for recognition among their peers, writes Christopher ...  Continue Reading

• Video: The psychologist spam king – social engineering evolves

  Sometimes, there are random pieces of information we never forget. Important information, such as birthdays, or even validation that you turned off the oven or locked the front door, can be replaced by an IP address used years earlier or a funny ...  Continue Reading

• Proposed Digital Copyright Exchange IP database could ease software licensing

  As part of its review into the suitability of IP laws for the market, the government is considering providing access to a digital marketplace where users can search for and purchase licences to use copyright. The Digital Copyright Exchange (DCE) is ...  Continue Reading

• ICANN's expansion of domain names suffixes: the benefits and disadvantages to businesses

  ICANN is to allow limitless variations of domain suffixes, and, organisations can apply for gTLDs containing almost any word in any script or language". Are custom gTLDs set to dramatically change the internet landscape?  Continue Reading

• The fog of software licensing: dissatisfaction reigns - even in clouds

  There are some things in life that you just have to get on with, and in IT one of those is the management and administration of software licences, writes Tony Lock, programme director at Freeform Dynamics.  Continue Reading

• Data breaches: Steps businesses need to take to protect data

  It is a tough time for IT managers, writes Garry Sidaway, director of security strategy at Integralis. Not a week goes by without news of another data breach. The EU is discussing new regulations on data breach notification. When even security ...  Continue Reading

• Security Zone: Conquering password paranoia

  David Emm from Kaspersky writes a good article on securelist.com about the tug-of-war between the need for passwords to be strong and variable for each account and the human tendency to make them weak and similar for easy recall. He gives two ...  Continue Reading

• Let the taxman pay your software development costs

  On the back of government consultation, tax relief for companies involved in development activity is set to become even more generous and software development companies should ensure that they are taking advantage of this valuable relief, writes ...  Continue Reading

• Are you ready to respond to a security breach?

  Security breaches and compromises are no longer just a possibility but a simple matter of fact. The arduous (and arguably pointless) discussions on how to prevent organisations from ever being hacked is steadily moving on to a more productive ...  Continue Reading

• Security Zone: Planning is the key to successfully implement data governance

  When some people think about data governance they immediately jump to the conclusion that a technological solution is a holy grail for defining an answer to this substantial task, writes Finn Rye, CISSP. While a technology solution is an integral ...  Continue Reading

• Why IT leaders need to prepare for the Bribery Act

  The Bribery Act hits the UK statute book on 1 July 2011. The new legislation widens coverage from public officials and their agents to the whole of the private sector and associated transactions. Clearly this area is being taken seriously as failure...  Continue Reading

• Back to the future with government ID plans

  The government's new identity scheme promises to put citizens at the centre of online public services, says Centre for Technology Policy Research director Jerry Fishenden.  Continue Reading

• Security profession must banish flu symptoms with nimble risk-based decisions

  We talk a lot about new technology, but there are few times when technology really tears up an organisation's rulebook - but that is what the "cloud" and the iPad have done, writes Matthew Lord, CISSP. These technologies have entered our ...  Continue Reading

• Top five tips for gTLD strategy: What does Icann's decision mean for your business?

  The generic top-level domains (gTLDs) programme, approved by Icann has seen the introduction of tailored domain name suffixes and means that brands will be able to pay to use their own name as a gTLD. The shift marks one of the biggest changes to ...  Continue Reading

• ITSM and social media: maintaining best practice and adding business value

  Following mainstream adoption at the turn of the millennium, ITIL has set the pace for best practice in IT service management (ITSM), writes Patrick Bolger. By providing a practical framework for delivering and supporting IT services, ITIL has ...  Continue Reading

• Seven trends in public sector procurement that are scaring suppliers

  The government's austerity programme is having predicable knock-on effects on IT procurement and outsourcing strategies, and while there are a number of inter-related themes they all stem from a single overriding imperative - the need to cut costs.  Continue Reading

• PCI DSS v2.0: How does it affect your web application security testing?

  The latest version of PCI DSS came into effect on 1 January 2011. If you are a merchant of any size accepting credit cards, you must comply with PCI DSS v2.0 Standards from 2012, writes Fabio Cerullo, CISSP.  Continue Reading

• Consumerism and productivity: How to deal with employees' devices in the workplace

  In the first part of this discussion, I covered the hard reality of consumerisation and the dangers of letting end users take too much control of IT, writes Dale Vile, chief executive of analyst Freeform Dynamics.  Continue Reading

• Seven critical elements to maintaining a balance between regulation and innovation

  Regulation is sapping IT resources, but is there hope for innovation? asks Dave Upton  Continue Reading

• No excuses for Lockheed Martin cyber attack

  US defence contractor Lockheed Martin is reportedly blaming an apparently successful hack of its IT systems on an earlier breach of RSA Security's system, but this is nothing but smoke and mirrors, writes Steve Watts, co-founder of SecurEnvoy.  Continue Reading

• The cookies monster: How to deal with the new cookies law

  From 26 May 2011, the law concerning the use of cookies and similar technologies for storing information on a user's computer equipment is changing. Henrietta Neate looks at what the new law says and what you will need to do to ensure that you ...  Continue Reading

• Opinion: Personal device momentum will challenge traditional mobile sourcing strategies

  Enterprises are embracing mobility at an unprecedented pace, and this trend will continue to gain momentum over the next five years, writes Brownlee Thomas, principal analyst at Forrester Research.  Continue Reading

• Rationalising software licencing in the virtual age

  During any consolidation project, software licensing arrangements must be given careful thought. Andrew Buss of Freeform Dynamics discusses the legal and commercial considerations.  Continue Reading

• CIOs are from Mars, CMOs are from Venus? Not any more

  To many people, marketing and IT, and CMOs and CIOs could not be more extreme in their differences, writes Forrester's Simon Yates.  Continue Reading

• Security zone: Extending compliance to the cloud

  Most security and compliance mandates were simply not designed with cloud environments in mind – an unfortunate state of affairs as a huge amount of our data is about to go "cloudwards".  Continue Reading

• Check your software licence agreement for these common flaws

  During 2010, Forrester clients bombarded us with an increased volume of questions and complaints about software contract issues  Continue Reading

• Security zone: Mobile malware is already costing you money

  Mobile malware has already been predicted, and it is fair to say that it is now here. There are already numerous exploits and scams in the wild that have been used to exploit users and mobile devices alike.  Continue Reading

• New assurance standard required for cloud confidence

  One of the perceived inhibitors in the uptake of cloud computing, particularly...  Continue Reading

• Are you a natural risk taker? Take our free personality test to find out

  Managing IT risk in today's cyber economy is a high priority. New standards and regulations focus on operational risk management – weighing risk against reward and building in systems and procedures to try to reduce or eliminate risk.  Continue Reading

• Software engineering, but not as we know it

  With the further developments of the Chartered Information Technology Professional status, or CITP, BCS, the Chartered Institute for IT, encourages us to reconsider our understanding of our profession, writes Jon G Hall.  Continue Reading

• Security sceptics should 'just say yes'

  Companies need to realise that important business opportunities can only be achieved by taking a positive approach to IT security, writes Etienne Greeff  Continue Reading

• Review: WikiLeaks - Inside Julian Assange's war on secrecy

  The one enduring thing Wikileaks has taught us is that the internet works, if you know what you are doing.  Continue Reading

• IT governance and mobile technology

  The mobile world is undergoing explosive growth. Luckily, enterprises are beginning to realise the potential gains and losses this technology offers, enabling them to act appropriately.  Continue Reading

• Security Zone: DLP – Did we miss the point?

  Data Loss Prevention, DLP for short, is a phrase that should strike fear into everyone who does not take it seriously. And with good reason. Many companies have found themselves embroiled in legal battles, facing court cases, and even complete ...  Continue Reading

• Security Zone: The ISO/IEC 38500 IT Governance Standard

  IT governance means different things to different folks, yet it is generally understood to require alignment with best practice standards and methodologies. However, it can be really hard to see the wood for the trees due to the multiple frameworks,...  Continue Reading

• CES 2011: Security and mobile working

  Corporate computer security has recently been forced to expand beyond the usual remit of protecting company-owned devices by also protecting consumer endpoints...

   Continue Reading

• Don’t let techno-babble cloud your judgement

  Robert Morgan believes businesses must fully understand what cloud computing actually is and what it means to them as 2011 inevitable brings with it a new wave of cloud hype in the outsourcing sector.  Continue Reading

• Security Zone: More effort needed to manage third party connections

  We are increasingly aware that every day new hazards appear on the internet as the software and systems we use continue to develop vulnerabilities at alarming rates. At the same time, businesses crave the new functionality and features found in the ...  Continue Reading

• The legal considerations of cloud computing

  It's a misconception to think that all law firms are stuck in the technological dark ages.  Continue Reading

• CW Security Think Tank: How to prevent security breaches from personal devices in the workplace

  What are the most effective security practices for allowing employees to use their own computing devices while ensuring corporate data is secure? John...  Continue Reading

• Refining the language of risk

  When it comes to risk analysis, one of the most important tools an IT executive can deploy is compelling language.  Continue Reading

• Security Zone: Cloud computing puts the spotlight on security architecture

  Security is still regularly cited as a blocker to the adoption of cloud services, or other shared services, or anything being delivered "as a service". Assurance...  Continue Reading

• Which IT suppliers will win in next 18 months?

  While virtually all private sector companies publicly acclaim news of a shrinking public sector, the reality is often quite different. For example, pharmaceutical...  Continue Reading

• Ten trends you cannot ignore

  Vice-president of Nucleus Research, Rebecca Wetteman, counts down 10 issues which should be top of the IT agenda.  Continue Reading

• Freedom of action: preventing paralysis from risk

  In today's competitive markets, businesses must work increasingly hard to ensure they eliminate incidents of risk that impact company reputation and market...  Continue Reading

• Will a UK technology hub really rival Silicon Valley?

  Earlier this month, prime minister David Cameron set out the government's ambitious plans to create a technology hub to rival Silicon Valley in London's...  Continue Reading

• Beyond PCI DSS: Protecting more than just card data

  The latest version of the PCI Data Security Standard, formally released last month (Version 2.0, 28 October 2010), gives merchants, service providers, auditors and banks an opportunity to briefly review how far (or not) the card payment industry has...  Continue Reading

• Security Zone: Mobile device management - chore or chance?

  There is an opportunity for organisations to realise cost savings by allowing staff to leverage their privately owned device to access their business correspondence  Continue Reading

• Spending Review: Prepare for the insider threat as staff are squeezed

  The growing uncertainty across the public sector workforce attracts a number of risks and opportunities around staff behaviour. Public sector leaders need...

   Continue Reading

• Time for the UK to act on cybercrime

  Until now, the coalition government, and the Labour government before it, has merely paid lip-service to the threat posed by serious cybercrime.  Continue Reading

• Security Zone: Faking IT support

  There is plenty of fakery of all sorts in the IT business, and the security sector has seen more than its fair share  Continue Reading

• Security Zone: An open source approach to web application security

  By following some practical steps companies can build a cost-effective web application security programme by using tools, documents and procedures developed by volunteers from open source organisations such as OWASP and WASC.  Continue Reading

• Wikileaks highlights need for better data access control

  Whistleblowing site WikiLeaks has caused controversy in the US as highly confidential government data has found its way on to the site and into the public arena.  Continue Reading

• The growing security threat from mobile phone apps

  It was only a matter of time, but it looks like mobile applications are now sufficiently ubiquitous to attract the serious attention of cyber criminals.  Continue Reading

• The Corporate IT Forum: Users are human and part of the risk matrix

  Dani Briscoe, services manager, The Corporate IT Forum (Tif), points out that secure user authentication is a difficult balancing-act for IT security professionals.  Continue Reading

• Gartner: What matters is risk-appropriate authentication

  A glib answer to the first part of the question would be, "No. We have already passed that stage." But that would not be universally true.  Continue Reading

• ISF: Federated identity services may be the way forward

  In a world where users expect access any time, any place, anywhere, the days of an employee just sitting at an office desk in front of a desktop PC and accessing 'the network' by entering a single username and password are long gone  Continue Reading

• ISACA: more complexity delivers security, but not without cost

  We are all familiar with the string of characters '12345' - according to some articles it was the most commonly used password at the dawn of the internet. Passwords are used on a daily basis to access online applications or systems.  Continue Reading

• ISSA: Strike a balance between security and co-operation

  "George?" Not normally a question that requires an answer, but this was the challenge used by the American airborne during Operation Huskey one in WWII to identify each other during night operations.  Continue Reading

• ISC2: The more complex the technology, the greater risk users will bypass it

  Are we reaching a stage where passwords need to be replaced by two- or even three-factor authentication methods and is there a future in federated identities?  Continue Reading

• Confessions of an unexpected CIO

  When an experienced chief information security officer took up a new role as CIO for a US Senate campaign, he found he had more to learn than he expected  Continue Reading

• Think tank: What is the ideal standpoint for security decisions?

  Are security decisions in companies made from an economic, organisational or technological standpoint and what is the ideal?  Continue Reading

• Getting value from the CISO

  The business has good cause to be dubious about the value that the CISO brings. Data loss incidents continue to occur with frequency and information security organisations are looking impotent as a result.  Continue Reading

• Security Zone: ITIL to integrate security management processes

  The enormous interest in the Information Technology Infrastructure Library (ITIL) framework can really only be compared with the PRINCE2 Project Management methodology and the ISO 27000 series Information Security standards.  Continue Reading

• How to stop cookies stealing your personal information

  The Office of Fair Trading reported in May on the effects on consumers of online advertising presented as a result of tracking the user's online behaviour, writes Steve Smith, managing director at Pentura.  Continue Reading

• Think Tank: Are businesses ready to meet the requirements of e-discovery regulations?

  To what extent is e-discovery understood and accommodated by IT and the business?  Continue Reading

• Security Zone: An incident response function is essential for business

  There is an intriguing move underway to replace the often part-time security incident response teams or committees tasked with reacting to security incidents with a number of key dedicated full-time individuals and a more full-fledged function for ...  Continue Reading

• How complex event processing could help stop hooliganism at the World Cup

  As kick-off for the 2010 World Cup looms, security measures are ramping up. Earlier this month South African police released images of its police units in armoured uniform to deter crime and send a message to potential football hooligans that ...  Continue Reading

• Private data: balancing customer privacy against the need for useful data

  The interaction between customers and suppliers is simple: suppliers seek to meet customer needs by understanding their preferences and providing them with the most attractive products to meet their needs.  Continue Reading

• Opinion: What Facebook should do next

  Facebook is at a crossroads. If it continues to give the impression that its approach to consumer privacy is flexible or indifferent, it risks alienating its 400 million users.  Continue Reading

• The impact of technological change on risk management

  As the business community begins to investigate opportunities to introduce new technology devices in their business, questions are starting to arise about...  Continue Reading

• Security Zone: Setting security boundaries for de-mergers

  There are many texts explaining how information security can be affected by company mergers. But what happens when part of your organisation is being sold off, or spun off as a separate company? Michael Pike, CISSP, an information security ...  Continue Reading

• Security zone: Application security spans IT and information security

  Web application security is an area of IT security that deals primarily with the security of applications - are we vulnerable to SQL injection, cross-site scripting, XSRF, session fixation and a smorgasbord of other nasty Open Web Application ...  Continue Reading

• Collaboration is key to ensuring digital data security

  The iPad is the latest addition to a variety of mobile devices that can change the way we interact with people, businesses and, in some cases, government....

   Continue Reading

• (ISC)2: Crime scene must be protected

  Just because I carry a first aid kit in my car, does that make me equipped to deal with a road traffic incident? Probably not, writes Cheryl Hennell, ISC2 member and head of IT and information assurance LRE, Openreach.  Continue Reading

• BCS: First step is to recognise the threat

  The problem of the internal "black hat" (person intent on doing harm to a computer system) is not a new one. Many organisations choose to implement a system in which they escort staff from the premises when they are made redundant or fired, in order...  Continue Reading

• ISACA: Rigorous approach is required

  More than 70% of UK homes have a computer, with over 93% connected to always-on broadband. In the majority of criminal and corporate cases, somewhere in the background a computer, PDA or cell phone may be lurking - hence the case for computer ...  Continue Reading

• ISSA UK: Organisations must be prepared

  The scouting motto "be prepared" saved Maldives president Maumoon Abdul Gayoom from assassination in 2008 when a local Boy Scout stepped in to foil his attacker. Being prepared for a security incident affecting computer systems may not produce such ...  Continue Reading

• ISACA Security Advisory Group: Organisations must be forensic ready

  The phrase "Crouching tiger hidden dragon" is a Chinese proverb that has many possible interpretations. My favourite is "everyone conceals their strengths from others to preserve the element of surprise", writes ISACA Security Advisory Group member ...  Continue Reading

• Corporate IT Forum: Downturn has changed employee attitudes

  The plotting of terrorist activity is an extreme example of employee misuse of access, but there is little doubt that the deteriorating economy has impacted on the quality of internal business relationships and, ultimately, heightened employee ...  Continue Reading

• Security Zone: Consider human ability in your IT security policy

  A user who consistently has problems remembering their password may have a learning difficulty such as Dyslexia or poor recall. If this is the case, the problem is not the user, it is the company's password policy.  Continue Reading

• Effective way for organisations to tackle ‘porn in the office’

  For too long, the "porn in the office" issue has been the elephant in the room - a genuine corporate concern but one that organisations had no idea how to address and so have just ignored, writes Andrew Millington, managing director of Exclaimer ...  Continue Reading

• Opinion: The impact of Google's trademark victory

  The European Court of Justice (ECJ) has delivered its judgment in the landmark case of Google France versus Louis Vuitton Malletier.  Continue Reading

• A security expert’s checklist for deploying software as a service

  As the person responsible for the security of your enterprise data, you need more than faith as assurance that SaaS providers will meet your security requirements  Continue Reading

• Security Zone: Ensuring security in offshoring

  For some time, many large corporates have been offshoring and smaller companies have followed suit. But how do you ensure that your company's data remains secure?  Continue Reading

• How can organisations guard against phishing scams?

  What should information security professionals be doing to ensure their organisations are protected from phishing scams aimed at private enterprise? John...  Continue Reading

• Security Zone: Enterprise architecture is too often a missed opportunity for security

  As more and more organisations use enterprise architecture as a tool to fight IT complexity and increase business alignment and agility, security is often...

   Continue Reading

• Think Tank: What should corporate IT managers do to ensure data protection?

  Hacks of Google and at least 20 other companies in December prove that sophisticated cyber espionage attacks are a real and present danger. But in the light of the fact that most commercial security tools are ineffective against these attacks, what ...  Continue Reading

• Security Zone: Oracle follows Sun in search of hardware

  Within a sector dominated by well-established titans, hardware is one of Sun's traditional core business areas, with servers and workstations based on its...

   Continue Reading

• Portable data security - ebb and flow

  Ten years ago the dawn of a new decade brought with it a trickle of employees requiring the ability to access information while away from the office. Today...

   Continue Reading

• Information overload: lessons from the Christmas Day terror attack

  The foiled Christmas Day attempt to blow up a plane over Detroit has once again sparked debate about international security and how data relating to passengers...

   Continue Reading

• Social media needs a social security strategy

  There are plenty of stories about companies using social networking, micro-blogging and online collaborative services to generate business leads, build sales...

   Continue Reading

• Security Zone: How to complete a security questionnaire

  Michael Pike discusses the rules of responding to a security questionnaire when bidding for IT work from a large company.  Continue Reading

• Preparing your IT security for the mobile information boom

  Hardly a day goes by without a new innovation in mobile technology. Mobile banking and transactions will soon be commonplace, and organisations such as hospitals and councils increasingly rely on mobile devices to access sensitive information from ...  Continue Reading