Security & Risk Management
 
 
InfoSec 2008: Key takeaways from Europe's biggest security event

2008-04-30 08:43:01 by Thomas Raschke in Security & Risk Management
 
...information security event. InfoSec, held the 22nd-24th of April at London's Grand Hall, Olympia, saw some 300 security vendors exhibiting and more than 12,500 security folks visiting. Next year will be at the bigger Earls Court. Last year had fewer attendees, but the benefit of a clear key topic: data security. So, what was the buzz about...
 
 
 
 
 
Hitachi acquires M-Tech Information Technology

2008-04-24 15:24:10 by Andras Cser in Security & Risk Management
 
...Information Technology, and changed the name to Hitachi ID. Although Hitachi has been lacking an identity and access management (IAM) pedigree, this move can prove important due to the following reasons: 1) Using IAM for provisioning of physical resources and hardware resources 2) Extending enterprise role definitions to previously uncharted...
 
 
 
 
 
UBS Explains Risk Management Gone Wrong

2008-04-23 16:49:32 by Chris McClean in Security & Risk Management
 
Big news in risk management this week as UBS released a report to shareholders describing the situation that has led to roughly $37 billion in write-downs so far related to the company's subprime exposures (see articles in Reuters, Forbes, the Wall Street Journal, and BusinessWeek). Overarching causes described in the report are not surprising;...
 
 
 
 
 
End user security psychology, part II: Can knowledge-based authentication be effective?

2008-04-02 11:11:25 by Bill Nagel in Security & Risk Management
 
...information. And then there's the annoyance factor: the inconvenience in terms of the time and effort to remember all of the PINs, passwords, and answers and jump through those hoops. It's as if the typical Internet banking customer is a tender orchid needing just the right conditions to flourish. The only problem is that in most cases this...
 
 
 
 
 
Virtualization and security - are we missing the wood for the trees?

2008-03-31 12:05:40 by Paul Stamp in Security & Risk Management
 
...security and virtualization in recent times and can't help thinking that people are falling into the old trap of going after the possible rather than the probable. Most discussions I've seen around security and virtualization center around subtle threats to the hypervisor layer, and whether it's possible to jump from one virtual machine to...
 
 
 
 
 
What can we learn from Hannaford & TJX?

2008-03-30 12:58:07 by Chenxi Wang in Security & Risk Management
 
...information, see the Forrester report: "Operationalizing Application Vulnerability Management
 
 
 
 
 
How Unsecure Is The Web?

2008-03-30 12:54:58 by Chenxi Wang in Security & Risk Management
 
In the course of doing research for my upcoming Internet threat report, I came across some worrisome statistics. A Google researcher recently reported approximately 1.3% of all Internet queries would return at least one URL that contains malicious content. A year ago, March 2007, this number was 0.3%. The same report also indicates that 6,000 out...
 
 
 
 
 
K.I.S.S. the castle (analogy) good-bye! Okay, done - now what?

2008-03-30 12:50:51 by Thomas Raschke in Security & Risk Management
 
...security. The analogy certainly had its shortcomings already back then but it nevertheless got popular because of its inherent simplicity. In today's complex data and identity driven world of security and risk management, the old castle simply doesn't cut it any longer. Just think of examples like the skyrocketing amount of data crown jewels all...
 
 
 
 
 
IT Risk Management

2008-03-28 13:09:26 by Marc Othersen in Security & Risk Management
 
IT risk management is a nebulous topic at best. There are many different ideas as to what risk means and how it should be applied within an IT organization. In an effort to bring some consistency and clarity to this discipline, Forrester is developing an IT risk management framework. Once developed, the framework will help IT organizations...
 
 
 
 
 
The Hannaford PCI Fallout

2008-03-28 13:07:12 by Marc Othersen in Security & Risk Management
 
...information. Hannaford may sue its PCI auditors for damages caused by inadequate audits. 4) Organizations may want a second opinion. Organizations governed by PCI may, in the short term, pay for additional reviews of their controls from sources other than their normal PCI auditors in order to gain further assurance they have effective controls...