CREDANT confirm Aberdeen Group Study findings

By Alan Harten

CREDANT Technologies have said they agree with the findings of the Aberdeen Group and that they also believe that more organisations have adopted a centrally managed, policy-centric, file-based data encryption strategy over full disk encryption.
This helps organisations to avoid data loss while assisting with stabilized levels of business productivity.
Aberdeen’s original study which was entitled [...]

66% of Companies Worried About Data Leakage

By Alan Harten

Infosecurity Europe has commissioned new research that looks into various aspects of security problems that are facing many companies.
The number one concern of the respondents was data leakage, with 69% citing this as their biggest worry.
At number two in the security worries league table is how to keep collaborative and mobile working secure, with [...]

ISACA identifies P2P hacking as problem for companies

By Alan Harten

The ISACA, an association of more than 86,000 IT governance professionals, says that a United States court case in which a 19-year-old hacker has pleaded guilty to modifying a file-sharing application, is highly significant in that it clearly shows the dangers of using this type of software.
This case, which involved P2P operator Limewire, resulted in [...]

Data volume explosion poses storage problem

By Alan Harten

Clearpace, a database archiving solutions company, commissioned Forrester Research to prepare a report into companies’ archiving habits.
The results seem to suggest that many companies are exposing themselves to considerable operational risk with inadequate archiving.
The research showed that there is a 50% annual growth in online transactional data and the repositories to house all that [...]

New Guidance From IT Governance Institute Maps COBIT 4.1 With ITIL v3

By ISACA

To help enterprises take a comprehensive approach to IT governance and service management, the IT Governance Institute (ITGI) has released new guidance mapping COBIT 4.1 with ITIL Version 3. Titled COBIT Mapping: Mapping of ITIL v3 With COBIT 4.1, the document provides both a high-level and a detailed mapping.
In developing ITIL v3, the UK [...]

CNN.com Daily Top 10 email spam

By Brian Turner

The news alerts email spam continues to develop, with CNN again the target of the latest wave of email spam.
Titled CNN.com Daily Top 10, the email contains a table of supposed top ten CNN stories plus top 10 CNN video links.
However, none of the story links are to CNN, but instead attacks pages.
If CNN [...]

Auto Identification Card email spam

By Brian Turner

Another common subject line in email spam at present: Auto Identification Card.
The email comes with the following message:

The Auto Identification Card document that you requested is attached
Please do not reply to this email
If you have questions please call your contact at Allmerica Financial

And comes attached with a malware-laden zip file.
Of course, this is fake email [...]

Airlines targeted in new malware threat

By Brian Turner

A string of new email spam this morning, all claiming to be payment receipts from US airlines - provided as a malware-laden zip file.
The following airlines were used in the headers in the ones we got this morning:
- Virgin America
- Delta Air Lines
- AirTran Airways
- Continental Airlines
- Northwest Airlines
- JetBlue Airways
Likely more airline names are [...]

Passwords are not enough

By prpr

John Stewart of Signify – The Secure Authentication Service – explains why two-factor authentication is better than one
Passwords are getting a bit embarrassing. Organisations are increasingly reluctant to admit that they only use weak static password protection to prevent access to their networks and resources.
A major problem is that people are forgetful. So [...]

Clustered Storage vs. Storage Virtualisation

By Storage Expo

By Philip Crocker, Director of EMEA Marketing, Isilon Systems.
Many organisations are facing a tremendous increase in the amounts of data needed to conduct everyday business.
The growth of unstructured data such as video, audio, image, research data, and other large digital files is pushing the bounds of traditional storage systems.
Into the breach come Clustered [...]

President of Information Security Forum Appointed

By Alan Harten

The Information Security Forum (ISF) has selected its new President, Professor Howard A. Schmidt.
The ISF is a non-profit organisation that is funded by over 300 of the world’s largest companies, which have already chipped in over US$100 million to fund the organisation’s work in the field of information security and risk management - issues [...]

msnbc.com: BREAKING NEWS spam

By Brian Turner

Hot on the heels of the CNN Alerts: my custom alert email spam comes a new variant: msnbc.com: BREAKING NEWS spam.
The emails follow the same format as the CNN spam, with the link to the supposed featured story going to an unrelated third-party website which attempts to attack the users PC.
The site tries to download [...]

Last year’s IP security is not this year’s

By Alan Harten

The ISACA said this week, at its Vegas Black Hat briefing, that a security problem that hackers are utilising to nudge people into visiting sites against their will, is also affecting email services.
ISACA says that the problem, discovered by Dan Kaminsky, will permit these hackers to intercept e-mail messages.
They go on to say that [...]

How to choose an encryption solution

By prpr

Frank Schlottke from Applied Security looks at different approaches to data encryption and discusses the pros and cons that must be examined to ensure a best fit solution.
With stories of data going missing almost daily, it’s difficult to understand why more of it is not encrypted. After all, the most effective countermeasure against the theft [...]

ISACA says major DNS flaw affecting email comes as no surprise

By ISACA

ISACA, formerly the Information Systems Audit and Control Association, says that security researcher Dan Kaminsky’s assertion that the major DNS flaw that he identified recently also applies to email services comes as no surprise.
“Kaminsky said at this week’s Black Hat briefings in Las Vegas that the flaw not only allows hackers to force people to [...]

CNN Alerts: My Custom Alert email spam

By Brian Turner

A new form of email spam has been deluging the web over the past week.
The emails are all titled “CNN Alerts: My Custom Alert email spam”, and are filled with links to relevant CNN newsletter links.
However, the emails are spoofed with the main link to the “Full story” actually linking to an unrelated attack websites, [...]

The pitfalls of FTP Servers

By Cyber - Ark

I’ve heard recently that there is a new craze for thrill seekers known as Russian Roulette parachuting – a one in six chance that the parachute might not open – but apparently this is just not close enough to the edge for some IT folks out there.
It seems the latest stunt is using FTP [...]

The problem is information insecurity

By Bruce Schneier

Information insecurity is costing us billions. We pay for it in theft: information theft, financial theft. We pay for it in productivity loss, both when networks stop working and in the dozens of minor security inconveniences we all have to endure. We pay for it when we have to buy security products and services to [...]

The Threat Within: Data Breaches from Unauthorized Access and Improper Use

By Tier-3

(Written by Geoff Sweeney, CTO, Tier-3)
Identity management systems (IDM) control user access to specific company information based on their identity, duty and responsibilities. Increasingly today’s enterprises are turning also to the next level of security with the use of network access control systems (NAC) to verify the integrity of devices as they access the corporate [...]

Companies Don’t Understand Backup Solutions

By Alan Harten

Databarracks have announced the results of their annual Backup and Recovery survey, and the results show that 91% have total confidence in their backup solutions.
Unfortunately this confidence does not stand up well to scrutiny with 74% of respondents not utilising encryption or replication.
In addition they also do not make use of offsite backup facilities, [...]

Next Page »