IT risk management

Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.

News 24 Mar 2025
Why I am challenging Yvette Cooper’s ‘secret back door’ order against Apple’s encryption

I took steps to lock down all personal data after I was named as an opponent of Russia. Now I am again worried about my family's safety after the home secretary issued a secret order against Apple Continue Reading
Feature 24 Mar 2025
Ethical qualms prompt challenging social media migrations

Changing content moderation and artificial intelligence training practices means social media has undergone a fundamental shift in the past six months, presenting organisations and people migrating away from these platforms for ethical reasons with a number of practical challenges Continue Reading
By
- Peter Ray Allison

Feature 22 Feb 2007
Flaws haunt Symantec, IBM, Cisco and IE

Bug Briefs: Security holes plague Symantec Norton products, IBM DB2; Mozilla Firefox; Trend Micro ServerProtect; Cisco IP phones; Google Desktop; IE and Snort. Continue Reading
By
- SearchSecurity.com Staff
News 21 Feb 2007
Cisco warns of IP phone flaws

Attackers could circumvent security restrictions by exploiting flaws in certain Cisco IP phones, the networking giant warned Wednesday. Continue Reading
By
- Bill Brenner
Feature 21 Feb 2007

Data breach: If customers don't act, data will remain at risk

To make enterprises take data security seriously, customers must take control of their personally identifiable information and stop handing it out to businesses. Continue Reading
News 20 Feb 2007
Cisco routers threatened by drive-by pharming

Millions of Cisco routers in circulation could be compromised by a newly-discovered attack technique Symantec calls drive-by pharming, the networking giant warned in an advisory. Continue Reading
By
- Bill Brenner
News 20 Feb 2007
Microsoft confirms new IE flaw

Attackers could exploit a new flaw in Internet Explorer (IE) to access local files on targeted systems, Microsoft confirmed Tuesday. Continue Reading
By
- Bill Brenner
News 20 Feb 2007
TJX data breach worse than initially feared

Hackers had access to a larger amount of customer data, TJX executives said in a statement. Continue Reading
By
- Dennis Fisher
News 19 Feb 2007
Sourcefire fixes Snort flaw

Attackers could exploit a flaw in the popular open source Snort IDS tool to cause a denial of service or launch malicious code. Continue Reading
By
- Bill Brenner
News 19 Feb 2007
When security firms merge, some users are losers

Some users see their services improve when IT security vendors merge with other companies or get acquired. Others say they've been left out in the cold. Continue Reading
By
- Bill Brenner
News 19 Feb 2007

Quiz: Compliance improvement -- Get better as you go forward

A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School. Continue Reading
News 14 Feb 2007
New attack technique threatens broadband users

Millions of broadband users across the globe are threatened by a new attack technique called drive-by pharming Continue Reading
By
- Bill Brenner
News 12 Feb 2007
Mobile carriers admit to malware attacks

Eighty-three percent of mobile operators surveyed by McAfee Inc. say they've suffered malware infections, but two competing security vendors say the overall threat is still small. Continue Reading
By
- Bill Brenner
News 12 Feb 2007
Microsoft fixes zero-day flaws in Word, Office

Twelve security updates from Microsoft fix a range of problems, including a flaw in the Malware Protection Engine and previously-exploited zero-days glitches in Word and Office. Continue Reading
By
- Bill Brenner
News 12 Feb 2007
Skype makes more enterprise inroads

Skype has teamed with FaceTime Communications to give companies more control over Skype use within the enterprise. Continue Reading
By
- Andrew R. Hickey, Senior News Writer
News 11 Feb 2007
Cybersecurity czar signals government cooperation at RSA Conference

Cybersecurity chief, Greg Garcia told RSA Conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. Continue Reading
By
- Marcia Savage, Features Editor, Information Security Magazine
News 11 Feb 2007
Solaris 10 has zero-day Telnet flaw

Attackers could exploit a zero-day flaw in Solaris 10's Telnet daemon to bypass authentication and gain unauthorized system access, security experts warn. Continue Reading
By
- Bill Brenner
News 10 Feb 2007

Cisco VoIP managment guide: Required management tasks

Comprehensive VoIP management includes the basic network management tasks, but also includes monitoring services such as dial tone delivery, call success rates, telephony delays and impairments, as well as call quality. VoIP telephony management is categorized here. Continue Reading
News 08 Feb 2007
Roundup: Vista security, breakability touted at RSA Conference

At RSA Conference 2007, Microsoft extolled the security virtues of its new operating system, but others weren't afraid to demonstrate how Vista security is lacking. Continue Reading
By
- SearchSecurity.com Staff
News 08 Feb 2007
New storage IPOs report losses

Of the 2006 "graduating class" of storage IPOs, two reported losses this week in their first quarter as public companies. Continue Reading
By
- SearchStorage.com Staff
News 07 Feb 2007
Briefs: Vulnerabilities found in Trend Micro, Firefox browser

This week, Trend Micro released a fix for a flaw in its antivirus engine, while no fixes are available for two newly discovered Mozilla Firefox browser flaws. Continue Reading
By
- Edmund X. DeJesus, Contributor
News 07 Feb 2007
EMC plans array-based encryption via PowerPath

EMC's next security move will be array-based encryption through PowerPath by 2008, according to internal documents obtained by SearchStorage. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 05 Feb 2007
CA backup bug exploitable on Vista

In what appears to be the first exploit for a third-party app running on Vista, a previously patched buffer overflow vulnerability in CA BrightStor ARCserve Backup has been exploited. One security firm says ISVs aren't taking advantage of Vista's new security features. Continue Reading
By
- Michael Mimoso, TechTarget
News 05 Feb 2007
Acopia hypes heterogeneous snapshot

The file virtualisation startup is blustering about a demonstration of heterogeneous snapshot technology, but is being coy about releasing a product. Continue Reading
By
- SearchStorage.com Staff
News 05 Feb 2007
Symantec chief: Consumer confidence in data protection is key to online growth

In his keynote at RSA Conference 2007, Symantec CEO John W. Thompson said Big Yellow is ready for the shifting dynamics in the information security market, and implied that Microsoft's growing presence in security is a conflict of interest for its customers. Continue Reading
By
- Rob Westervelt, News Editor
News 05 Feb 2007
Rootkit dangers at an 'all-time high'

Industry experts at RSA Conference 2007 say not only have rootkits become the weapon of choice for malicious hackers, but they've also emerged as useful tools for legitimate businesses trying to exert control over users. Continue Reading
By
- Dennis Fisher
News 05 Feb 2007
Coviello: In 3 years, no more stand-alone security

RSA President Art Coviello says today's patchwork of monolithic security devices will disappear in the next three years as security is integrated into the larger IT infrastructure. Continue Reading
By
- Bill Brenner
News 05 Feb 2007
VoIP security, unified communications need questioned

VoIP security issues and questions about the business need for unified communications have stalled adoption of both technologies, according to CompTIA's recent survey. Continue Reading
By
- Kate Dostart, Associate Editor
News 05 Feb 2007
Gates touts secure access anywhere

Microsoft's chairman tells RSA Conference 2007 attendees that a combination of authentication and access management strategies is what it takes to protect corporate data, but information security pros are willing to wait for the proof. Continue Reading
By
- Michael Mimoso, TechTarget
News 05 Feb 2007

RSA Conference 2007: Product announcements

RSA Conference 2007: Product announcements Continue Reading
News 04 Feb 2007

RSA Conference 2007: Special news coverage

Check out news, interviews, product announcements, podcasts and more live from the RSA Conference 2007 in San Francisco. Continue Reading
News 04 Feb 2007
Vista exploitable, researcher says

Marc Maiffret, CTO and chief hacking officer of eEye Digital Security, said he has found a way to elevate system privileges by exploiting a flaw in Windows Vista. Continue Reading
By
- Bill Brenner
News 04 Feb 2007
CISOs mastering 'softer' skills

Why CISOs can no longer rely on technology skills alone and what businesses are looking for when recruiting their next information security leader. Continue Reading
By
- Amber Plante, Assistant Managing Editor, Information Security magazine
News 04 Feb 2007
Email security buying decisions

Email security can be a daunting task for SMBs -- how do you go about finding the right product? This tip delves into three approaches to email security and the products available. Continue Reading
By
- Joel Dubin, CISSP, Contributor
News 04 Feb 2007
Dozens of Web sites spread malicious Trojan

Update: The same malicious JavaScript keylogger that compromised the Dolphin Stadium Web site last week was found over the weekend on dozens of other high-profile Web sites. Continue Reading
By
- Eric Parizo, Senior Analyst
News 04 Feb 2007
New zero-day attack targets Microsoft Excel

Microsoft says maliciously crafted Excel files may permit the execution of arbitrary code. Other Microsoft Office applications may be at risk. Continue Reading
By
- Edmond X. DeJesus, Contributor
News 04 Feb 2007
HDS to acquire Archivas for up to $120M

HDS will acquire archiving software partner, Archivas for close to $120 million stepping up its effort to compete with EMC in this market. Continue Reading
By
- Jo Maitland, TechTarget
News 04 Feb 2007
HP fills in gaps with product updates

HP announced updates to several of its products, but analysts are wondering what its ultimate strategy will be for storage virtualisation. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 04 Feb 2007
Intrusion detection systems are alive and kicking

IPS hasn't overtaken intrusion detection systems just yet. Senior News Writer Bill Brenner reveals what customers want when they're shopping for IDS products. Continue Reading
By
- Bill Brenner
Feature 31 Jan 2007

New security vendors take on sophisticated attackers

IT Security vendors are developing technologies that show promise in preventing unknown attacks and protecting machines with zero-day vulnerabilities. Continue Reading
News 30 Jan 2007
Microsoft disputes Word zero-day report

Symantec is warning of a new zero-day vulnerability in Microsoft Word. But Microsoft doesn't believe the flaw is new. Continue Reading
By
- Bill Brenner
News 30 Jan 2007
Lawyers discuss e-discovery gotchas

During panel sessions at Legal Tech, lawyers provided their insights into the e-discovery process, retention policies and helping judges get up to speed. Continue Reading
By
- Jo Maitland, TechTarget
News 30 Jan 2007
Symantec unveils 'universal ID system'

Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers. Continue Reading
By
- SearchSecurity.com Staff
News 30 Jan 2007

Using IAM tools to improve compliance

Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes. Continue Reading
News 29 Jan 2007
TJX faces lawsuit over data breach

A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month. Continue Reading
By
- Bill Brenner
News 28 Jan 2007
IBM improves data recovery process for TSM users

Tivoli Storage Manager 5.4, released this week, establishes a disk cache for most recently backed-up files, improving the slow restore times associated with the product. Continue Reading
By
- Jo Maitland, TechTarget
News 28 Jan 2007
IBM to acquire Softek, looks to pump up services biz

IBM says it intends to use Softek's Transparent Data Migration Facility within its Global Services business. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 25 Jan 2007

Balancing the cost and benefits of countermeasures

The final tip in our series, "How to assess and mitigate information security threats." Continue Reading
News 25 Jan 2007

How to assess and mitigate information security threats

Learn how to assess and mitigate information security threats, like rootkits, worms and Trojans in the tip series created in collaboration with Realtimepublishers and Dan Sullivan, author of The Shortcut Guide to Protecting Business Internet Usage. Continue Reading
News 25 Jan 2007

Malware: The ever-evolving threat

The first tip in our series, "How to assess and mitigate information security threats" Continue Reading
News 25 Jan 2007

Network-based attacks

The second tip in our series, "How to assess and mitigate information security threats." Continue Reading
News 25 Jan 2007

Information theft and cryptographic attacks

The third tip in our series, "How to assess and mitigate information security threats." Continue Reading
News 25 Jan 2007
IBM tool makes online purchases anonymous

A new tool makes online purchases anonymous by using artificial identity information. Experts say enterprises need to adopt the technology before it can become a viable option. Continue Reading
By
- Robert Westervelt, TechTarget
News 25 Jan 2007
Symantec makes major update to Enterprise Vault

Symantec adds automated data classification and integration with security products in Version 7.0 of its Enterprise Vault archiving tool; EMC reports record earnings for the fourth quarter. Continue Reading
By
- SearchStorage.com Staff
News 25 Jan 2007
Apple fixes Mac Wi-Fi flaw

The Mac OS X Wi-Fi flaw Apple fixed on 24 Jan was first disclosed as part of the Month of Kernel Bugs in November. Attackers could exploit it to crash the targeted system. Continue Reading
By
- Bill Brenner
News 24 Jan 2007
Microsoft investigates new Word zero-day

An unpatched memory-corruption flaw in Microsoft Word is the target of "limited" attacks in the wild, Microsoft confirmed Thursday. Continue Reading
By
- Bill Brenner
News 24 Jan 2007
TJX data breach info used to make fraudulent purchases

Fraudulent purchases have been reported globally, according to a trade association that represents more than 200 banks in Massachusetts. Continue Reading
By
- Robert Westervelt, TechTarget
News 23 Jan 2007
Cisco fixes IOS flaws

Attackers could exploit three Cisco IOS flaws to cause a denial of service or launch malicious code. The networking giant has released fixes. Continue Reading
By
- Bill Brenner
News 23 Jan 2007
McAfee: Malware all about ID theft

The use of keylogger technology is surging and there's been a 100-fold rise in phishing attacks, according to a new report from McAfee. Continue Reading
By
- Bill Brenner, Senior News Writer
News 18 Jan 2007
ID theft victim to TJX customers: Mind your data

Customers should guard their own data, says one ID theft victim. Meanwhile, some in the banking industry say TJX may have stored more data than necessary. Continue Reading
By
- Bill Brenner
Feature 18 Jan 2007
Vendors: Cut the hype, truth is what sells

Storage virtualisation technologies have been purchased and implemented successfully for years. The rest of the IT infrastructure must try to catch up and, ultimately, the only thing not virtualised within the datacentre will be the last guy standing. Continue Reading
By
- Steve Duplessie, founder and senior analyst for the Enterprise Strategy Group
News 17 Jan 2007
Data breach at TJX could affect millions

Retailer TJX Companies said a hacker gained access to its systems exposing the credit card data of millions of customers. Continue Reading
By
- Robert Westervelt, TechTarget
Feature 17 Jan 2007

TJX breach: There's no excuse to skip data encryption

Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses. Continue Reading
News 17 Jan 2007
Companies take IM threats seriously

Wesabe is a brand new money management community. It takes threats to IM as seriously as those targeting email and web applications Continue Reading
By
- Mark Baard
News 16 Jan 2007
Fortify Software to acquire Secure Software

The acquisition of Secure Software will allow Fortify to expand into the requirements and design phases of the software development lifecycle, the company said. Continue Reading
By
- Bill Brenner
Feature 15 Jan 2007
PatchLink offers solid flaw management

PatchLink Update 6.3 is a solid solution to the enterprise patch management problem and demonstrates its true power in a Windows environment. Continue Reading
By
- Tom Bowers
News 15 Jan 2007
Core Security offers powerful testing tool

We highly recommend Core Impact 6.0 to security engineers to verify the vulnerability of their networks. Continue Reading
By
- Mike Poor, Contributing Writer
News 15 Jan 2007
Apere's IMAG 500 a tough sell

Product review: Apere says many of the issues we encountered are addressed in its next release, but mid-enterprise businesses may not have the tolerance for this product. Continue Reading
By
- Brad Causey
News 14 Jan 2007

Storage management software finalists

Find out who was selected as finalists in the storage management software category for our storage products of the year Continue Reading
News 11 Jan 2007
Oracle emulates Microsoft with advance patch notice

Oracle will patch 52 security flaws across its product line Tuesday, according to its inaugural CPU advance notification bulletin. Continue Reading
By
- Bill Brenner
News 10 Jan 2007
Sophos acquires Endforce to add NAC

Antivirus vendor Sophos is rounding out its email Web and desktop security software with Endforce's network access control (NAC) software. Continue Reading
By
- Robert Westervelt, TechTarget
News 09 Jan 2007
More users increase risk for Volkswagen AG

With 1.5 million users on the network, Volkswagen AG depends more than ever on strong ID and access management to safeguard intellectual property, according to its CISO. Continue Reading
By
- Bill Brenner
News 09 Jan 2007
Remote flaw in Vista could earn finder $8,000

VeriSign Inc.'s iDefense Labs is offering an $8,000 bounty to any researcher who finds a remotely exploitable flaw in Windows Vista. Continue Reading
By
- Dennis Fisher
News 09 Jan 2007
Network configuration management key to VoIP success

While companies spend millions on upgrading infrastructure for VoIP, little attention is given to solving the largest source of downtime – configuration-related outages due to human error. Continue Reading
By
- Zeus Kerravala, senior vice president, Yankee Group
News 08 Jan 2007

How far apart can SAN locations be?

Storage locations can potentially be very far apart, separated by thousands of miles, even around the globe. The real consideration in selecting distance is that of latency... Continue Reading
Feature 08 Jan 2007

Inside MSRC: Microsoft updates WSUSSCAN issue

Christopher Budd of the Microsoft Security Response Center is urging customers to deploy the latest versions of the Systems Management Server Inventory Tool for Microsoft Updates or Microsoft Baseline Security Analyzer to receive all the current software updates. Continue Reading
News 08 Jan 2007
Critical fixes for Excel, Outlook and Windows

Microsoft starts the year with security updates for Excel, Outlook and Windows. Three of the fixes are rated critical. Continue Reading
By
- Bill Brenner
News 08 Jan 2007
Attackers hide malicious code using new method

Attackers have designed a new way to thwart virus signatures from antivirus vendors, says a new report. Continue Reading
By
- Robert Westervelt, TechTarget
News 07 Jan 2007
Bug Briefs: OpenOffice vulnerable to attack

Other flaws were reported in Apple QuickTime, Mac OS X, Adobe Flash Player, VideoLAN VLC, the Opera Web browser, and Cisco Access Control Server. Continue Reading
By
- SearchSecurity.com Staff
News 07 Jan 2007
Microsoft nixes four patch bulletins

Eight security updates were originally scheduled for Patch Tuesday , but Microsoft has decided to hold back on half of them. Continue Reading
By
- Bill Brenner
Feature 04 Jan 2007

Why don't we have clustered FC block storage?

Is it odd that the industry has made such serious strides toward incorporating clustering concepts in both file-based storage and IP -based storage, but not Fibre Channel storage? Continue Reading
News 03 Jan 2007
Cisco bolsters security with IronPort buy

Cisco Systems agreed Thursday to buy Internet gateway security vendor IronPort Systems Inc. for $830 million. Continue Reading
By
- Robert Westervelt, TechTarget
News 03 Jan 2007
Cisco software vulnerable to attack

Cisco's Clean Access software and Clean Access Manager are at risk to attack. A malicious user can access a database snapshot and download it without authentication. Continue Reading
By
- Robert Westervelt, TechTarget
Feature 03 Jan 2007

Adobe Reader flaws spook security experts

Security experts sound the alarm over Adobe Reader flaws that could be exploited for cross-site scripting attacks and other mayhem. Continue Reading
News 03 Jan 2007
Information security market 2006 year in review

In part two of our two-part special edition of Security Wire Weekly, site editor Eric Parizo reveals his picks for top information security interviews of 2006. Audio clips in this program include Andrew Braunberg of Current Analysis; Johannes Ullrich of the SANS Internet Storm Center; Mike Rothman of Security Incite and Brian Chess of Fortify Software. Continue Reading
By
- SearchSecurity.com Staff
News 02 Jan 2007
Security pros grumble over spam increase

Spim and spam from unexpected sources is challenging enterprises in 2007. Some enterprises are taking action. Continue Reading
By
- Edmund X. DeJesus, Contributor
Feature 01 Jan 2007

Security pros glean insight from '06

Corporate acquisitions, an abundance of spam, and the White House's take on cybersecurity mark 2006. Continue Reading
Feature 01 Jan 2007
Storage Outlook '07: Seeking better backups and archives

Tom Becchetti, senior infrastructure engineer for a major national financial services company, says compliance, backup and archiving will be top priorities in 2007. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 26 Dec 2006
Looking back at information security in 2006

In this special edition of Security Wire Weekly, senior news writer Bill Brenner reviews his top interviews of 2006. Continue Reading
By
- SearchSecurity.com Staff
News 25 Dec 2006
Top 10 storage stories of 2006

SAN and NAS converged and shook up the industry, iSCSI went mission-critical, users conquered tiered storage and more. Continue Reading
By
- Beth Pariseau, Senior News Writer
Feature 20 Dec 2006

Top client security tips of 2006

A network user without the proper know-how is a ticking time bomb when it comes to security. Check out our top five client hardening tips of 2006 to get a head start on protecting yourself from potentially dangerous users. Continue Reading
News 20 Dec 2006
Top 10 storage acquisitions of 2006

Industry consolidation was fast and furious this year. We rank the deals by quality, not quantity. Continue Reading
By
- Jo Maitland, News Director and Beth Pariseau, News Writer
News 19 Dec 2006
Microsoft releases Vista APIs to security vendors

Microsoft released a draft set of programming interfaces allowing security vendors to develop software using the Windows kernel on 64-bit systems. Continue Reading
By
- Robert Westervelt, TechTarget
News 19 Dec 2006
Mozilla fixes multiple Firefox flaws

Digital miscreants could exploit flaws in Mozilla's popular Firefox browser to bypass security programs, access sensitive information and conduct cross-site scripting attacks. Continue Reading
By
- Bill Brenner
News 19 Dec 2006
Check Point gets big IDS boost from NFR deal

Analysts say Check Point would gain much-needed intrusion detection and prevention capabilities through its acquisition of NFR Security. The deal should erase bad memories of the aborted Sourcefire deal. Continue Reading
By
- Bill Brenner Senior News Writer
Feature 18 Dec 2006

Top network security tips of 2006

The top Windows networking security tips of 2006 cover a range of topics, including network isolation, open source Windows security tools, VPN security and more. Continue Reading
News 18 Dec 2006
VoIP hacking exposed in new book

VoIP hacking is a reality, and in a new book, two VoIP security experts outline the tools and tricks to avoid a system-crushing hack. Continue Reading
By
- Andrew R. Hickey, Senior News Writer
News 17 Dec 2006
Criminals find safety in cyberspace

A new report from McAfee shows how criminals are enjoying a sense of safety and anonymity in cyberspace that they never had on the street. And they're making more money. Continue Reading
By
- Bill Brenner
Feature 14 Dec 2006
Review: Reconnex's iGuard needs improvements

Reconnex's iGuard is maturing, though it still needs some usability improvements such as wizards, customisable reports and the ability to drill down on the graphs. Continue Reading
By
- Tom Bowers
Feature 14 Dec 2006
Review: Deep Security is a solid IPS

Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities. Continue Reading
By
- Steven Weil, Point B
News 14 Dec 2006

Schneier: Data breach at UCLA barely newsworthy

This week in Security Blog Log: Security luminary Bruce Schneier and others sound off on the UCLA data breach that exposed 800,000 people to identity fraud. Continue Reading
Feature 13 Dec 2006

Microsoft Vista could improve Internet security

Two new Microsoft Vista features -- Kernel Patch Protection and User Account Control -- could prove especially useful in preventing serious malware infections. Continue Reading