Tech Center Security Management
Dark Reading's Security Management Tech Center is your destination for news and information surrounding the administrative and professional tasks that information security professionals must perform every day. Written for career security pros, The Security Management Tech Center is designed to provide insight on security career choices, staffing and budgetary issues, and day-to-day administrative tasks such as security reporting and architecture planning.
Featured Commentary
-
Mike RothmanSecurity Minor Leagues
The security skills gap continues to expand as more companies realize what they need and, more importantly what they don't have. We need a security minor league system to meet the demand.
News
-
Researcher To Open-Source Tools For Finding Odd Authentication Behavior
Rather than watching for communications between infected systems and command-and-control servers, companies can detect stealthy malware when it attempts to spread
-
Lieberman Software Launches First Security-As-A-Service PIM Platform
ERPM’s newest version offers two interfaces that provide a programmatic option for identity management
-
EiQ Networks Announces ThreatVue
New solution combines SIEM data with other critical security data
-
Cyberespionage Operators Work In Groups, Process Enormous Data Workloads
A group of Taiwanese researchers peer into the operations center of a group behind one large espionage campaign
-
Don't Take Vulnerability Counts At Face Value
With flaw tallies varying by up to 75 percent, vulnerability data needs to be taken with a grain of salt, yet reports based on the data fail to include caveats, Black Hat presenters say
More Stories
- BeyondTrust Extends Vulnerability Management With Newest Version Of Retina CS
- Microsoft: SMB Cloud Security, Privacy Concerns A Matter Of Perception
- Is Risk-Based Security Management Art Or Science?
- Tech Insight: What You Need To Know To Be A Cyber Forensics Pro
- Gartner: Worldwide Security Market To Grow 8.7 Percent In 2013
By The Numbers
Information Security Salaries Split
Infosec managers saw their salaries rise, while staffers felt a slight dip in 2013.
Source: InformationWeek 2013 IT Salary Survey
Commentary
-
Building An Effective Security Architecture: No Piece Of Cake
By Tim Wilson
Enterprises need to put more thought, fewer products into their cyberdefense strategies
-
Security Minor Leagues
By Mike Rothman
The security skills gap continues to expand as more companies realize what they need and, more importantly what they don't have. We need a security minor league system to meet the demand
-
What Every CFO Should Know About Security Breaches
By Tim Wilson
Panelists say chief financial officers should know the difference between good security spending and bad
-
A New Look For Dark Reading
By Tim Wilson
New site layout, functionality will make it easier for Dark Reading's IT security readers to find the information they need
-
IT GRC, ESIM Vendors Dig In For War
By Andrew Hay
With no sign of the two technologies combining into one, where does that leave the buyer?
Around the Web
Free Research and Reports
Whitepapers
Upcoming Events
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Tech Insight
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-3744
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
CVE-2013-3743
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
CVE-2013-2473
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2472.
CVE-2013-2472
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and CVE-2013-2473.
CVE-2013-2471
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2472, and CVE-2013-2473.