Obama Cybersecurity Plan: What's In It For SMBs?
New cyberczar (though no names yet), management from the top, calls for more coordinated cybersecurity efforts, privacy protection -- same old same old, or does the unveiling of the Obama administration's cybersecurity plan promise real changes in the government's approach to scuring cyberspace. More importantly, what's in the plan for small and midsized businesses?
Obama Administration's IT Security Review
Today the White House released its 60-day review on cybersecurity policy, and the report -- as well as the administration's plan -- consists of five primary prongs: top-down leadership, education, distributed responsibility, information sharing, and encouraging innovation.
Storage CAPEX VS. OPEX
Wrapping up our series on choosing storage projects, part of the conversation has to be what is more important, CAPEX or OPEX? Almost every storage project you decide to embark on will have to be brought to management as something that is going to either reduce your capital expenditures or lower your operational expenditures. Which part of these projects are more important?
Cybercriminals: More Obvious Than They Think?
Attackers often use and abuse security by obscurity, which can lessen the likelihood that they will be caught. From them we can learn a lot about profiling attackers on our networks, and how they work to achieve better operational security. Take their use of encryption.
Snort To Go Virtual
Open source IDS/IPS celebrates its tenth year with an all-new platform in the works, a new release candidate, and plans for a commercial a virtual appliance
Selecting Your Next Storage Project - Big Projects
In a prior entry we discussed how to select your next storage project and suggested that most IT professionals are going to focus on smaller projects. Basically filling in pot holes as opposed to paving a new road. There are times however, even when staffing is scarce and money is tight that you need to undertake a big storage project to fix the problem, essentially putting a new road in.
U.S. Cyber Czar On The Horizon; New Legislation, Too?
The buzz surrounding President Obama's efforts at securing our cyber-infrastructure is audible. The release of a 60-day review of the government's cybersecurity efforts, which started back in February, is expected soon, along with the naming of a new White House official -- a "cyber czar," as some are calling the position -- who will reportedly have purview over developing a strategy for securing both government and private networks.
Spam Surge: 9 Out Of 10 E-mails Can't Be Good!
90% of all email was spam last month, according to Symantec's MessageLabs Intelligence Report, just released. The figure is up more than 5% in the last month. Good news, I guess, is that things can't get much more than 10% worse from here.
Security Benchmarks For Apple iPhone Released
Today the Center for Internet Security released a set of benchmarks designed to help consumers and businesses alike communicate using their favorite toy. Whoops, I meant smartphone. The guidance is worth a look.
Summer Security: Don't Put Backups In The Trunk
Temperatures are starting to rise outside -- and when they do, you can bet they're rising even faster in trunks and locked cars. Which are two of the places you should never put media you're transporting. And according to a data recovery specialist, they're also two of the most common locations for media in transit -- and two of the most common sources of data damage.
When Your Security Career Gets Hacked
Security professionals like to think they're immune from the economic woes plaguing the rest of the business world, but, unfortunately, many are finding out the hard way that their jobs aren't any more secure than their apps. So career coaches Lee Kushner and Michael Murray today launched an "incident response" podcast series to help security professionals whose careers have been hacked and their jobs lost get back into the job market.
Google I/O Developer Conference: Where's The Security Love?
At the Google I/O developer conference this week, Google Inc. will host more than 80 technical sessions on all of the Google apps and platforms we've come to know -- Android, Chrome, App Engine, Web Toolkit, AJAX and others. When reviewing the Google I/O Schedule this morning, I was disappointed by what could not be easily found.
20 SMB Security Products Worth A Look
Take a few minutes this holiday weekend -- always assuming there's such a thing as holiday weekends for small and midsized businesses -- and check out twenty of the hottest and most budget-savvy (rarely the same thing) new security products.
Adobe Owns Up To Security Issues
The discussion surrounding how to make software vendors accountable for hacked systems and data breaches due to security problems in their products is, at best, an effort in futility. As much as we'd like to have Microsoft, Oracle, and Adobe take responsibility for software vulnerabilities that have caused us headaches and cost us money, we are stuck in an endless loop of dependence on their products.
Verizon Beefs Up Handset Security
The over-the-air authentication service enables workers to securely access business networks from handsets nearly anywhere in the world.
Web 2.0 For Business Requires Web 2.0-Level Security: Websense
The various elements and components and approaches that comprise Web 2.0 offer large business promise. But they also create large business risk and exposure. Better make sure your security and especially your security policies are up to the challenges.
NetApp Buys Data Domain - User Impact
With yesterdays announcement of NetApp's intention to buy Data Domain, a question that needs to be answered by IT professionals is how does this affect them? In our blog on Information Week's sister publication Byte and Switch we looked at the industry impact, but what about the users? There are current customers, c
Adobe (Finally) Getting Security Religion
In the past number of years Adobe Systems hasn't seemed to have its act together when it comes to mitigating security risks in its PDF. Hopefully, that's about to change.
Ruminating on CSI SX
Citizens of the Information Security Nation, to you I say Classify and inventory your data and assets!
Tedium? Odium? Delirium? Yes, probably all three. But worth the trouble.
Educating Our Clients Is Part Of Our Responsibility
Have you ever had a client (or your own employer) say, "There's no way a user could hack our internal Web apps; they can't run anything but authorized applications like a Web browser and e-mail client." Happens all the time, right? Guess what -- you're not alone.
Selecting Your Next Storage Project - Edge Projects
Unfortunately the reality is often that the storage project you are going to work on next is based on the one that users are screaming the loudest for that you can also afford and it usually contains "add capacity". Is there a better way to go about selecting your next storage project?
On Prison And Corporate Data Escapes
In its broadest sense, social engineering is deception to manipulate or exploit people. That's exactly how more than 50 Mexican inmates were freed this weekend. How much proprietary corporate data is "liberated" in much the same way?
Watch Your Website Even As You Watch Out For Others
Businesses rightly spend much time and effort seeking to protect their employees from malicious Web sites and the havoc those sites can wreak. A new report reminds us not to neglect vulnerabilities on our own sites, 60% of which contain the sorts of vulnerabilities the malware makers love to exploit.