Tech Center Security Management
Dark Reading's Security Management Tech Center is your destination for news and information surrounding the administrative and professional tasks that information security professionals must perform every day. Written for career security pros, the Security Management Tech Center is designed to provide insight on security career choices, staffing and budgetary issues, and day-to-day administrative tasks such as security reporting and architecture planning.
Featured Commentary
- Security Minor Leagues
  By Mike Rothman
  The security skills gap continues to expand as more companies realize what they need and, more importantly, what they don't have. We need a security minor league system to meet the demand.
News
- Researcher To Open-Source Tools For Finding Odd Authentication Behavior
  Rather than watching for communications between infected systems and command-and-control servers, companies can detect stealthy malware when it attempts to spread
- Lieberman Software Launches First Security-As-A-Service PIM Platform
  ERPM’s newest version offers two interfaces that provide a programmatic option for identity management
- EiQ Networks Announces ThreatVue
  New solution combines SIEM data with other critical security data
- Cyberespionage Operators Work In Groups, Process Enormous Data Workloads
  A group of Taiwanese researchers peer into the operations center of a group behind one large espionage campaign
- Don't Take Vulnerability Counts At Face Value
  With flaw tallies varying by up to 75 percent, vulnerability data needs to be taken with a grain of salt, yet reports based on the data fail to include caveats, Black Hat presenters say
More Stories
- BeyondTrust Extends Vulnerability Management With Newest Version Of Retina CS
- Microsoft: SMB Cloud Security, Privacy Concerns A Matter Of Perception
- Is Risk-Based Security Management Art Or Science?
- Tech Insight: What You Need To Know To Be A Cyber Forensics Pro
- Gartner: Worldwide Security Market To Grow 8.7 Percent In 2013
By The Numbers
Information Security Salaries Split
Infosec managers saw their salaries rise, while staffers felt a slight dip in 2013.

Source: InformationWeek 2013 IT Salary Survey
Commentary
- Security Needs More Designers, Not Architects
  By Rich Mogull
  The better we design the user experience, the more we reduce our risk
- Building An Effective Security Architecture: No Piece Of Cake
  By Tim Wilson
  Enterprises need to put more thought, fewer products into their cyberdefense strategies
- Security Minor Leagues
  By Mike Rothman
  The security skills gap continues to expand as more companies realize what they need and, more importantly, what they don't have. We need a security minor league system to meet the demand
- What Every CFO Should Know About Security Breaches
  By Tim Wilson
  Panelists say chief financial officers should know the difference between good security spending and bad
- A New Look For Dark Reading
  By Tim Wilson
  New site layout, functionality will make it easier for Dark Reading's IT security readers to find the information they need
Dark Reading Digital Magazine
In This Issue
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
Bugs
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
CVE-2013-2969
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
CVE-2013-2968
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
CVE-2013-4622
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVE-2013-0484
The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data.
CVE-2013-3744 (jre, jdk)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.



