IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
17 May 2024
Why the UK needs to fix its broken IT security market
Ollie Whitehouse, CTO of GCHQ’s National Cyber Security Centre, says the market for secure software is broken. Are new laws required to make software companies liable for poor security? Continue Reading
-
News
15 May 2024
GCHQ to protect politicians and election candidates from cyber attacks
The National Cyber Security Centre, part of GCHQ, to protect election candidates from hostile state cyber attacks Continue Reading
-
Feature
28 May 2008
Chinook helicopter disaster - computer software failure or pilot error?
Chinook helicopter crash: was it computer software failure or a cause we'll never know? This article gives the background to the Chinook helicopter disaster with links to all the relevant articles published by ComputerWeekly and other useful web links. Continue Reading
-
News
27 May 2008
New doubts raised on Chinook crash ruling
A former senior officer who helped write rules for RAF accident inquiries has spoken publicly for the first time about his concerns over the cause of a controversial Chinook helicopter crash 14 years ago. Continue Reading
-
News
04 Apr 2008
How to scope the liability clause in your software license agreement
Standard limit of liability clauses favour the vendor. Here's how to modify them to protect your firm from IT risk. Continue Reading
-
News
23 Jan 2008
Network managers: master project management to get better salaries
Network technicians will need to learn project manager skills if corporate rollouts of wider and more advanced networks are to be successful, according to attendees at the Cisco Networkers 2008 this week. Continue Reading
-
News
22 Jan 2008
Fujitsu may quit NHS National Programme for IT
The board of an NHS trust has learned of a "significant" risk of Fujitsu ending its £900m contract to supply and implement hospital systems across southern England as part of the National Programme for IT. Continue Reading
-
News
16 Jan 2008
Wireless networks as secure as wired, study says
Wireless security may not be as dire as previously thought, according to a new 3Com study. Continue Reading
-
News
13 Dec 2007
Virtualisation provides utilisation and IT efficiency boost
Yorkshire-based Raleys Solicitors has solved a space problem in its computer room by using virtualisation technology. Continue Reading
-
News
11 Dec 2007
San adoption cuts costs and power
Advanced storage driving datacentre area and energy consumption reduction Continue Reading
-
News
26 Nov 2007
Ofcom fines broadband provider
Ofcom has fined broadband provider Prodigy £30,000 for failing to comply with requirements to provide information on how it allows customers to switch broadband provider. Continue Reading
-
News
22 Nov 2007
Security's dirty little secret
When Simon Sharwood met AVG's Larry Bridwell, he learned the security industry's dirty little secret. Continue Reading
-
News
14 Nov 2007
Home Office awards £650m e-Borders contract
The Home Office has awarded its £650m eBorders contract to a consortium led by Raytheon Systems. Continue Reading
-
News
06 Nov 2007
Adaptec reports losses
Adaptec's revenue was down year over year, as well as sequentially; DataDirect says the InfiniBand business is booming. Continue Reading
-
News
06 Nov 2007
CommVault revenues spike after update of Simpana backup app
CommVault attributes a spike in sales to the integration of features such as archiving, replication and search into its backup products. Continue Reading
-
News
01 Nov 2007
ISCSI storage gets performance makeover
Suppliers, including Ibrix, Mellanox, Alacritech and EqualLogic, are offering juiced-up new iSCSI configurations, while 3PAR, CipherMax and NeoScale boost data security products. Continue Reading
-
Feature
31 Oct 2007
Vanderbilt hospital fights archive growth with grid
Vanderbilt University Medical Centre simplifies document management using Bycast's archiving grid system. Continue Reading
-
News
28 Oct 2007
NetApp releases $3K iSCSI SAN
NetApp pushes further down-market with the release of the S300, the latest SMB iSCSI SAN in its StoreVault line. Continue Reading
-
News
21 Oct 2007
Tackling the backup and recovery challenges of tomorrow
Your data backup and data recovery challenges never stop changing. In this videocast, an EMC executive and a storage analyst discuss the new approaches you'll need to solve tomorrow's backup and recovery challenges. Continue Reading
-
News
21 Oct 2007
Intellectual property lawsuits dog storage industry
The proliferation of patent litigation among data storage companies could stifle technological innovation and drive up costs to the user. Continue Reading
-
Feature
10 Oct 2007
Checklist for purchasing hardware-based encryption
Encryption appliances sit inline on a network and use specially designed electronics to encrypt data at line speeds, essentially eliminating the performance penalty imposed by encryption software running on a general server. While software-based encryption is typically handled as a specific event or process (e.g., encrypting data during a backup process), appliance-based encryption normally can handle any quantity of data in flight. Continue Reading
-
News
05 Oct 2007
Podcast: the true cost of IT security
In this interview, Cliff Saran speaks to Martin Sadler, director of HP's Trusted Systems Lab, about how much we should be expected to spend and how much security is enough. Hackers are getting smarter and Martin believes newly trained IT professionals are ill-equipped to deal with the sophisticated nature of modern attacks due to limitations in the current way IT security is taught. Continue Reading
-
News
04 Oct 2007
Pillar announces support for 1 TB SATA drives
Pillar is one of the earliest to announce 1 TB SATA drives in an enterprise array. IBM's SVC becomes the first storage virtualization product certified with VMware. Continue Reading
-
Feature
01 Oct 2007
How to select the right IP PBX
Selecting the right IP PBX system for your company can be complicated. Here are some important things to consider when purchasing an IP PBX. Continue Reading
-
News
01 Oct 2007
UK will lead £13m study on electronic ID
The UK is to spearhead a £13m pilot project covering 13 European countries to test the interoperability of several electronic identity verification systems. This may eventually give citizens and businesses access to e-government services across the EU, if governments can agree to accept one another's vetting processes. Continue Reading
-
News
26 Sep 2007
Microsoft releases Windows Server 2008 RC0
Windows Server 2008 Release Candidate 0 (RC0) is now available for customer review. Continue Reading
-
News
25 Sep 2007
How to purchase a data encryption product
Data security is now a critical problem for every company, regardless of size. This buying guide explores the factors involved in purchasing data encryption hardware and software products. Continue Reading
-
News
24 Sep 2007
PCI council adds Pin security to remit
The PCI Security Standards Council has added Pin Entry Device (PED) security technology to its payments industry testing portfolio to streamline standardisation. Continue Reading
-
Feature
23 Sep 2007
Storage session downloads: infrastructure track
This track looks at San and Nas issues, virtualization, distance demands, remote offices and how to build out systems. Continue Reading
-
News
16 Sep 2007
Communications-as-a-service taking hold
Communications-as-a-service is taking hold worldwide as a viable hosted IP telephony system. Continue Reading
-
News
09 Sep 2007
Virtual appliance lets users convert DAS to iSCSI San
LeftHand Networks has released an edition of its SaniQ iSCSI San software that will convert locally attached disc to networked storage. Continue Reading
-
News
07 Sep 2007
Microsoft update to patch critical Windows flaw
Microsoft plans to patch a critical flaw in Windows and plug holes in MSN Messenger, Visual Studio, and Windows services for Unix. Continue Reading
-
News
07 Sep 2007
Government warns of dangerous QuickBooks Online flaw
Attackers could exploit two flaws in the popular Intuit QuickBooks Online Edition to cause buffer overflows and download or upload files in arbitrary locations, US-CERT warned. Continue Reading
-
News
07 Sep 2007
Cybercriminals employ toolkits in rising numbers to steal data
The market is increasing for crimeware toolkits that help cybercriminals avoid detection and exploit flaws, according to new research from security vendor, Finjan. Continue Reading
-
News
06 Sep 2007
Data security breach at Pfizer affects thousands
A Pfizer employee removed files exposing 34,000 people to potential identity fraud, according to the company. It was the third data breach at the company in three months. Continue Reading
-
News
05 Sep 2007
NAC switches, appliances help track users, malware
Some vendors are offering switches and appliances to monitor traffic for malware and unauthorized access, as the NAC market including Cisco NAC and Microsoft NAP sorts itself out. Continue Reading
-
News
05 Sep 2007
Firefox security issues persist despite update
Despite Mozilla's recent Firefox security update, researchers say there's another way attackers could exploit the browser for malicious purposes. Continue Reading
-
News
29 Aug 2007
Rootkit found in older Sony USB device
F-Secure says it discovered rootkit technology in Sony's Micro Vault USM-F fingerprint reader software. The find comes two years after controversy over Sony's DRM technology. Continue Reading
-
Feature
29 Aug 2007
SaaS apps being deployed by business units, not IT
When it comes to deploying applications via SaaS, IT is still behind the curve. What's preventing IT from getting control over the programs business units want? Continue Reading
-
News
28 Aug 2007
Unified communications slow to change U.S. work culture
Unified communications implementation is still high, but many enterprises have yet to allow users all its advantages. Continue Reading
-
News
28 Aug 2007
Data archives overview
When a file is lost due to user error, or data is corrupted because of system problems, the affected data can be restored from a backup. An archive is different from a backup because the data may not be used for months, even years, but must be accessed quickly when needed. There is simply no time to search through burgeoning volumes of tape or optical media to locate important files. Traditional backup platforms are poorly suited for archival data storage, and users are relying on disk storage systems for a mix of performance and reliability. Files can be archived to any disk storage system, but content-addressed storage (CAS) technology has appeared to support archiving efforts. Continue Reading
-
News
28 Aug 2007
SANS: Attackers may be attempting Trend Micro exploits
The SANS Internet Storm Center (ISC) warns that attackers may be attempting to exploit flaws in Trend Micro products to hijack computer systems. Continue Reading
-
News
23 Aug 2007
Nokia Intellisync boosts device management
Nokia Intellisync has released updates to its Mobile Suite to enhance remote device support, loss and theft protection, and management capabilities. Continue Reading
-
Feature
23 Aug 2007
Experts: IDS is here to stay
IDS technology has survived predictions that it would be replaced by IPS. One expert says it will remain a separate product while IPS is folded into firewalls. Continue Reading
-
News
22 Aug 2007
Trend Micro fixes flaws in ServerProtect, PC-cillin
Attackers could tamper with servers and run malicious code by exploiting flaws in Trend Micro's ServerProtect, Anti-Spyware and PC-cillin products. But fixes are available. Continue Reading
-
News
22 Aug 2007
Attackers target two Microsoft security flaws
Symantec warned customers about attacks targeting two Microsoft security flaws -- an unpatched DirectX Media vulnerability and the XML Core Services flaw patched in MS07-042. Continue Reading
-
Feature
21 Aug 2007
Backup reporting expands to add capacity planning
Aptare adds capacity planning for primary data storage to its product line, joining Symantec in recent attempts to broaden the appeal of reporting software. Continue Reading
-
News
20 Aug 2007
Sourcefire acquires open source ClamAV
Sourcefire, maker of the popular Snort open source IDS tool, has acquired ClamAV, an open source email gateway scanning tool. Continue Reading
-
News
20 Aug 2007
VMware acquires HIPS provider Determina
VMware, the leader in virtualization software, has acquired Determina, a provider of host IPS technology. Continue Reading
-
News
19 Aug 2007
College campuses prepare for Microsoft Vista challenges
With new Vista machines coming to campus, the IT shops of academia have no choice but to embrace the latest Windows OS and its security implications. Continue Reading
-
News
17 Aug 2007
Wal-Mart deploys new data security system
Wal-Mart Stores has deployed a data security and encryption system to secure data going over its global network. Continue Reading
-
News
16 Aug 2007
TJX profit takes hit over data breach
TJX says it has spent $256 million responding to the massive data breach that exposed 45 million customers to identity fraud, and the bottom line has suffered as a result. Continue Reading
-
News
15 Aug 2007
Latest Microsoft flaws affect Windows, IE, Excel
Microsoft released nine security updates Tuesday -- six of them critical -- for flaws in Internet Explorer, Excel and other programs within the Windows OS. Continue Reading
-
News
14 Aug 2007
Novell to acquire Senforce for endpoint security
Novell is acquiring Senforce, an early network access control supplier, to integrate its endpoint security features and develop an endpoint management suite. Continue Reading
-
News
14 Aug 2007
Apple iPhone to provoke complex mobile attacks, expert warns
Mikko Hypponen, director of antivirus research at F-Secure, said he expects mobile malware attacks to escalate thanks to interest in Apple's iPhone. Continue Reading
-
News
13 Aug 2007
Gartner security summit outlines 'Security 3.0'
Gartner has opened its Sydney Security Summit with a definition of Security 3.0. Continue Reading
-
Feature
12 Aug 2007
VoIP models and services: Complete guide
With clear, concise explanations of existing VoIP business models and deployment methodologies, this guide will enable you to weigh the pros and cons of each based on your needs. Continue Reading
-
News
09 Aug 2007
NAS appliance purchase considerations
NAS appliances are frequently touted for bringing convenience and simplicity to network storage. Appliances include their own dedicated disks for storage and RAID, and most NAS appliances can be upgraded with more or larger disks for additional storage space. However, NAS appliances do pose some disadvantages. Consequently, the choice of NAS appliance requires careful evaluation. Now that you've reviewed the essential issues involved in any NAS product, this guide focuses on specific considerations for dedicated NAS appliances. You'll also find a series of specifications to help make on-the-spot product comparisons between vendors. Continue Reading
-
News
09 Aug 2007
Sun adds virtual tape library to Thumper
Analysts say the combo of FalconStor's software, Solaris and Thumper is a good sign of integration from Sun after a disorganised year, but it's unclear if users will be convinced. Continue Reading
-
News
09 Aug 2007
VeriSign employee data exposed in laptop theft
Current and former employees of VeriSign were exposed to potential data fraud when a laptop housing their information was stolen from the car of a former employee. Continue Reading
-
News
09 Aug 2007
VoIP vulnerability threatens data
VoIP vulnerabilities have now reached a level of sophistication that allows hackers to steal, view or delete data. Continue Reading
-
News
08 Aug 2007
NAS appliance specifications
NAS appliances are noted for their convenience, offering dedicated internal storage that is relatively straightforward to identify and manage. The biggest issue for NAS appliances is avoiding network bottlenecks and supporting expansion without having to proliferate additional appliances across the network. The product snapshots in this chapter highlight key specifications for a cross section of major NAS appliance products. Continue Reading
-
News
08 Aug 2007
Cisco warns of critical IOS flaws
Attackers could exploit multiple flaws in Cisco's IOS to cause a denial of service or remotely execute arbitrary code. Continue Reading
-
News
07 Aug 2007
Subpar security compromises compliance
Pressure to keep trading applications available has nudged security to the back of the development line. Continue Reading
-
Feature
06 Aug 2007
Does compliance make encryption always necessary?
Many organisations look to encryption to protect sensitive data. Hundreds of millions of people who use the Internet also use encryption, yet most of them don't even know it. Continue Reading
-
News
03 Aug 2007
Discovery of malware cesspool triggers attack fears
Trend Micro researchers say a malware-infested Web server in Russia, linked to several Italian Web sites, could lead to a large-scale attack. Continue Reading
-
News
02 Aug 2007
Apple releases fixes for Mac OS X, iPhone vulnerabilities
Apple Computer has released software patches fixing critical vulnerabilities in Mac OS X and its newly released iPhone. Continue Reading
-
News
01 Aug 2007
Users make iSCSI Sans with USB keys
Users say that Open-E's iSCSI San software, which is delivered on a USB stick, is more affordable than prepackaged systems and has more support than free iSCSI target products. Continue Reading
-
News
31 Jul 2007
Security update fixes Yahoo Widgets flaw
Attackers could exploit a Yahoo Widgets flaw to run malicious code on compromised Windows computers, but a security update is available. Continue Reading
-
News
30 Jul 2007
Most antispam technologies get failing grade
An independent study finds that many enterprises are not satisfied with traditional antispam technologies. Continue Reading
-
News
25 Jul 2007
EMC reports Clariion surge, data archiving slump
EMC's revenues are up this quarter, attributed in part to a big boost in Clariion sales, but CEO Joe Tucci is critical of the company's execution in data archiving. Continue Reading
-
News
25 Jul 2007
Cisco issues warning for wireless LAN controller flaws
Cisco Systems is warning customers of flaws in its wireless LAN controllers that initially crippled a wireless network at Duke University. Continue Reading
-
News
24 Jul 2007
Apple iPhone crack discovered by security researchers
Researchers have found a way to take complete control of the Apple iPhone by sending a user to a malicious Web site. Continue Reading
-
News
24 Jul 2007
New hacking technique exploits common programming error
Researchers at Watchfire Inc. say they discovered a new technique that exploits a common dangling pointer error. Continue Reading
-
News
23 Jul 2007
PCI compliance costs often underestimated, study finds
Companies are moving forward with PCI DSS projects, but many are underestimating the costs associated with compliance. Continue Reading
-
News
23 Jul 2007
Core Security CEO to step down
Paul Paget, the CEO of penetration testing software vendor Core Security Technologies, said he is better-suited for start-ups. Continue Reading
-
News
22 Jul 2007
Black Hat Las Vegas 2007: Special news coverage
SearchSecurity.com covers all the controversy at this year's show with news, features, podcasts, interviews, exploits and more direct from Las Vegas. Continue Reading
-
News
18 Jul 2007
For Boeing, data security, network access still hazy
Boeing is trying to reshape its network security architecture to better protect sensitive systems from threats without degrading employee productivity. Continue Reading
-
News
17 Jul 2007
CDP platform purchase considerations
Busy IT organizations are employing continuous data protection (CDP) technologies to guard data on the fly, essentially eliminating the backup window and allowing granular file and system restoration -- sometimes down to the individual disk write operation. Several CDP appliances are available, but many are implemented in software, and all require careful consideration before purchase. This article focuses on the specific purchase considerations for CDP products. Continue Reading
-
News
17 Jul 2007
Zero-day auction site complicates security efforts, IT pros say
WabiSabiLabi, the eBay-like marketplace for zero-day flaws, will make it tougher for companies to ward off attackers, some IT security professionals say. Continue Reading
-
News
17 Jul 2007
Oracle plans 46 security updates for database, software
Attackers could tamper with database servers and host operating systems by exploiting flaws across Oracle's product line. Continue Reading
-
News
17 Jul 2007
CDP platform specifications
Continuous data protection (CDP) products track changes to files and data -- typically in real time -- recording activity and allowing recovery to an extremely granular level. This effectively reduces backup windows and restore points, allowing busy transactional data centers to protect mission-critical applications without significant downtime for backups or restorations. In most cases, CDP is implemented as software running on a server with internal or network storage access. The following product snapshots highlight key specifications for a cross-section of CDP systems/appliances currently available. Continue Reading
-
News
16 Jul 2007
Oracle's July 2007 CPU has 45 security fixes
Oracle stuffed 45 security updates into its July 2007 CPU, fixing flaws across its product line attackers could exploit remotely to compromise corporate databases. Continue Reading
-
Feature
16 Jul 2007
ISO 27001 could bridge the regulatory divide, expert says
Karen Worstell, former CISO at Microsoft and AT&T Wireless, now on the advisory board of Neupart A/S, explains how ISO 27001 can be used to help companies comply with a variety of regulations and standards Continue Reading
-
News
13 Jul 2007
Antispyware legislation gets tepid reviews
Congress is debating three different bills that would punish spyware pushers, but some IT professionals have their doubts about legislation as a solution to the problem. Continue Reading
-
News
12 Jul 2007
Zero-day auction site highlights ethical debate
A new auction site plans to cash in on flaw research. Executive Editor Dennis Fisher explores if it's a viable business model and if research should be sold to the highest bidder. Continue Reading
-
News
10 Jul 2007
United in threat management part three: how scared are you?
Wrapping up his look at unified threat management, Ian Yates wonders if the technique will help you sleep better at night. Continue Reading
-
News
09 Jul 2007
Microsoft July updates for critical Excel, Windows and .NET flaws
Of the six security updates Microsoft released Tuesday, experts expressed the most concern about a critical glitch in the .NET Framework that could leave client machines and Web servers open to attack. Continue Reading
-
News
09 Jul 2007
Data breaches, compliance drive intellectual property protection
Recent high profile data breaches and compliance pressures are forcing companies to spend more on technology to protect intellectual property, according to a new study. Continue Reading
-
News
09 Jul 2007
Google buy shakes up email archiving
Google's acquisition of Postini will boost adoption of Gmail, pushing email archiving players to add support for hosted applications. Continue Reading
-
News
06 Jul 2007
Microsoft preps six security updates for Windows, Office
Microsoft will release six security updates on Tuesday 10 July to address flaws attackers could exploit to launch malicious code and access sensitive information on victims' machines. Continue Reading
-
News
04 Jul 2007
Cisco users upbeat about security direction
Cisco customers say the vendor's security strategy is headed in the right direction, which is why they believe the networking giant's IronPort integration will be smooth sailing. Continue Reading
-
Feature
03 Jul 2007
Data migration product specifications
Part of the Tiered Storage Buying guide focusing on product specifications for data migration tools. Continue Reading
-
News
03 Jul 2007
Data storage startups emerge from stealth
Three new storage firms have come out of stealth mode this June. Analysts predict the next new crop of startups will focus on wireless storage, reporting and alternatives to RAID. Continue Reading
-
News
02 Jul 2007
Are PCI auditors pitching products?
Auditors shouldn't be pitching remediation services or products to bring a company into compliance with PCI DSS rules, but some merchants are reporting the practice Continue Reading
-
News
29 Jun 2007
CIOs get solutions to meet governance regulations
CIOs facing rising bills to meet governance, risk and compliance regulations may be able to control their costs better if they turn to new purpose-built software. Continue Reading
-
News
29 Jun 2007
Software to help CIOs meet governance regulations
CIOs facing rising bills to meet governance, risk and compliance regulations may be able to control their costs better if they turn to new purpose-built software. Continue Reading
-
News
27 Jun 2007
Cisco vows to maintain IronPort tech, talent
As it completes the purchase of IronPort Systems, Cisco vows to maintain IronPort's talent base and make investments to keep its newly-acquired technology fresh. Continue Reading
-
News
25 Jun 2007
Richard Granger's departure may jeopardise NHS IT programme
Richard Granger's departure from Connecting for Health may jeopardise the stability and success of the politically driven NHS National Programme for IT. Continue Reading
-
News
25 Jun 2007
PCI Council hears complaints, suggestions for changes
Companies with the most stringent security technologies endure hurdles to comply with PCI DSS. Some firms are turning to the upcoming Burton Group Catalyst Conference for answers. Continue Reading
-
News
25 Jun 2007
Instant messaging usage increase highlights need for policies
A Burton Group report suggests that all companies should have an IM usage policy, even if they haven't deployed IM yet Continue Reading