www.PenandCamera.com: Writing Samples: 2005
Writing Archive: 2005

Complete stories by date:

December 2005

Beyond Malware, SOX, and Data Breaches: The 2006 Security Forecast
Regulations, application vulnerabilities, data breaches, and evolved malware accounted for 2005’s top security trends. We look ahead to what’s in store for 2006.
(December 20, 2005)

Spyware Hampering Compliance Initiatives
Spyware poses a huge threat—yet a recent survey shows that by their own admission, many enterprises have yet to protect their information with suitable anti-spyware software.
(December 13, 2005)

Q&A: The Future of Security, Control, and SOX Compliance
Sarbanes-Oxley compliance started chaotically. By its second year, however, many organizations were investigating how automated controls could help them see SOX not as an annual cost but as a way to reduce business risk. What’s in store for year three?
(December 13, 2005)

Consumers vs. Compliance: Where the Security Buck Stops
Regardless of the laws on the books, consumers hold companies responsible for data breaches, spyware, and phishing attacks
(December 6, 2005)

Q&A: What Makes a Good Chief Information Security Officer?
To succeed, a chief information security officer needs project management skills, business process expertise, a budget, and authority—and an aptitude for diplomacy.
(December 6, 2005)

Attackers Shift Exploits to Applications
The 2005 SANS Top 20 list of the worst vulnerabilities finds attackers deserting operating system vulnerabilities for flaws in applications and network devices.
(December 6, 2005)

November 2005

How to tame Google Desktop
If your organization doesn't block Google Desktop and other desktop search engines, chances are these programs are running on many of your users' PCs.
SearchSecurity.com (November 29, 2005)

Malware Clean-Up Swamps IT Managers
Companies favor security technology, overlook adequate user training
(November 29, 2005)

Provider's Remote Access Success
Giving mobile users access to enterprise applications and internal portals via an SSL VPN can be tricky. Midwest Wireless' implementation was exceptionally smooth. What's their secret?
(November 29, 2005)

When Data Walks: Safeguarding Portable Media
When cell phones have 40 GB hard drives and data breaches can cost millions of dollars, should organizations that handle sensitive information restrict the use of removable storage?
(November 15, 2005)

Layering is Key to Countering Zero-Hour Attacks
Post-virus attack cleanup costs $200 per system. Taking a layered approach to protection can help keep your PCs safe.
(November 15, 2005)

Case Study: Outsourcing Threat Detection
With an increasing number of threats and limited IT staff resources, one company turns to outsourcing network monitoring.
(November 15, 2005)

Q&A: Natural Disasters Drive Renewed Focus on Backup/Recovery Plans
In a year of attention-grabbing natural disasters, IT is once again focusing on disaster recovery plans. Here are some best practices to consider when drafting your plans.
(November 8, 2005)

Virtual Patching Secures Web Applications
Discovering Web application vulnerabilities -- which account for a staggering majority of all vulnerabilities seen in the wild -- is the easy part. Keeping them fixed is another story.
(November 8, 2005)

Case Study: Tracking Software Changes for Compliance
"We've considered getting badges and guns, but the company frowns on the guns," explains the director of configuration management for ADP, a financial services software company. Certainly, tracking software changes can be a problem. Getting rid of the paper trail was a big first step.

Regulations Driving E-mail, IM Backup and Recovery
Thanks to a variety of regulations, businesses must retain e-mail and instant messages, creating an information glut. Here’s how to manage it.
(November 1, 2005)

Oracle Database Passwords Vulnerable to Attack
Using a password hash, attackers can crack a database in about four minutes
(November 1, 2005)

October 2005

Forensic Contingency Planning: Where to Start
A forensic readiness program helps a company protect its assets and know when they’ve been compromised.
(October 25, 2005)

Q&A: Monitoring What Web Applications Divulge
Watching inbound and outbound Web applications communications for signs of attack.
(October 25, 2005)

Usability of Intranet Portals
A Report from the Trenches: Experiences From Real-Life Portal Projects
This 188-page report on intranet portal usability, with 93 screenshots, uses case studies and lessons learned from portal projects in numerous companies, as well as government agencies, to determine best practices for building and maintaining an intranet portal. (Co-authored.)
Nielsen Norman Group (October 2005)

Case Study: Furthering Role-Based Access
Securing access in the post-mainframe world

How Data Security Breaches Hit the Bottom Line
A new survey reveals the best way to deal with breaches

Preventing Risky Password Practices
Users hate passwords, and it shows.

Regulations Drive Whole-Disk Encryption
With the average public data breach costing $7.5 million to clean up, security managers seek automated hard disk encryption.

Learning from CardSystems: Compliance Doesn’t Equal Security
CardSystems blamed a shoddy audit for its 40-million-record data loss. But the auditor claimed the breached systems were beyond its scope. Who was right? Who was to blame? What can be learned from the argument?

Bot Networks and Modular Code Target Enterprises
Increased attacks are driven by money and modularity.

Improving Automated Vulnerability Remediation
Given the incredibly small window afforded IT managers for patching vulnerable systems, security experts recommend getting help in categorizing vulnerabilities as well as in determining which are actually present.

September 2005

Q&A: Harnessing Trusted Computing Modules
Planning identity management or authentication rollouts? Don't forget to factor in the Trusted Computing Modules now built into many PCs.

Sarbanes-Oxley: Enterprises Turning to Automation
Automated security and access controls get top attention as enterprises move into their second year of Sarbanes-Oxley compliance.

Zipping, Encrypting, and Shipping under HIPAA
Could your backup tapes disappear during shipment? Aurora Health Care decided to avoid the risk by encrypting and zipping health data before sharing or shipping it.

Web Services: Where Identity Management Goes From Here
SAML, Liberty, WS-Federation—a number of Web Services standards are competing for security managers’ attention. Here’s how to differentiate between the options.

Putting IPS Claims to the Test
A neutral, third-party testing organization rates IPS performance, accuracy, and reliability.

Acute Care: HIPAA, a Hospital, and Database Security
If you want to secure databases containing protected health information, the first big challenge is to find them.

New Data Security Standards Set for Utilities
New regulations mandate increased security for utilities' supervisory control and data acquisition systems.

Q&A: Targets Shift for Application Security Attacks
With attackers gunning for sensitive information, it’s time to rethink Web application code development or face the consequences.

FDIC: Spyware Cure Requires More Than Technology
When the FDIC recommended financial organizations improve their response to spyware, it meant helping to protect customers, as well. And, as its recent Financial Institution Letter notes, technology alone won't solve the problem.

Q&A: How Spyware Escapes Definition
What exactly is spyware? Just as with viruses, discussion of malware, grayware, adware, and spyware often gets hung up on definitions, and lately even legal threats over classifications.

Evaluating the New ISO 17799 Standard
ISO 17799, the world’s most-used information security framework, gets updated.

August 2005

Fodor's Paris 2006
Inhale the aroma of the city's biggest cheese tray, find a hidden gem in the Western world's greatest art collection, haggle over a vintage find in a century-old market, or take the best boat tours down the Seine.
Random House (September 2005)

Case Study: Polysius Takes Layered Approach to Endpoint Security
The term “endpoint security” includes new types of technology, which makes sense when Polysius’ manager of IT details the myriad, evolving threats to his corporate network, and the company's defenses.

Regulations, Fear Driving More-Secure Code Development
To counter security threats, developers can reverse-engineer their products, or take a less expensive and more effective approach

Zotob Continues to Hammer Windows 2000
Exploits are already circulating for a recently announced Windows plug-and-play vulnerability. Experts recommend better endpoint security controls.

Next-Generation Storage: Think Virtual
As storage infrastructures become increasingly complex, storage virtualization is letting IT managers see the forest for the trees, abstracting all available resources into a single entity: available storage. Behind the scenes, intelligent networks handle the data routing. Of course, this new technology comes at a price.
Enterprise Systems (August 16, 2005)

Microsoft Can’t Count: New Vulnerability Disclosure Criticism
Microsoft details five critical vulnerabilities, including a flaw that could be automatically exploited by a malicious Web page or e-mail
Enterprise Systems (August 16, 2005)

Hospital Opts for Password Help
If you build a self-service password tool, will users adopt it? Under the guidance of myriad regulations and with 14 percent of its help desk calls relating to password resets, University Hospital Birmingham asked this question.
IT Compliance Institute (August 9, 2005)

Q&A: The State of Endpoint Security
Organizations can derive the benefits of endpoint-security standards without the standards
Enterprise Systems (August 9, 2005)

Giving Users Control of E-mail Archiving for Compliance
Automated backups for compliance are essential in regulated industries, yet sometimes users need to make their own sets of compliance-related e-mails. Enter drag-and-drop archiving.
Enterprise Systems (August 9, 2005)

Case Study: Screen Actors Guild Healthcare Monitors IM
Ensuring the security of personally identifying information is a must for any healthcare organization. But the healthcare arm of the Screen Actors Guild was especially set on ensuring that information on well-known actors and celebrities didn't leak out through instant messaging.
IT Compliance Institute (August 2, 2005)

Securing Admin Passwords: It Takes a Vault
If you're not managing your admin passwords, it'll be difficult to audit them, ensure their reliability, or defend against malicious insiders. Such concerns drove Manitoba Lotteries Corp. to adopt a software-based password vault.
Enterprise Systems (August 2, 2005)

Zero Day Initiative Trades "Points" for Vulnerabilities
Know of a harmful vulnerability that hasn't gone public? A new program wants to hear about it.
Enterprise Systems (August 2, 2005)

July 2005

Financial IM and E-mail Storage Mandate
For financial services firms, archiving electronic communications isn't an option: it's a mandate. But not all organizations interpret the regulations correctly or have the technology approaches to meet auditor demands.
IT Compliance Institute (July 26, 2005)

Is Too Much Anti-Spyware a Bad Thing?
An end user with two real-time anti-spyware engines asks if too much anti-spyware software is a bad thing
Enterprise Systems (July 26, 2005)

CSI Study Reveals Shifts in Security Threats
The latest Computer Crime and Security Survey shows cybercrime incidents and the cost of security breaches are decreasing, but Web site attacks and thefts of sensitive information are rising quickly.
Enterprise Systems (July 26, 2005)

Endpoint Security Coming of Age
According to IDC, the definition of endpoint security is unclear to many in the industry, and that could lead to problems. But not at National Instruments, which has learned how to successfully use the technologies to control infections.
SearchSecurity.com (July 21, 2005)

Philadelphia Exchange Audits for Compliance
When it comes to regulations, organizations must implement effective processes and procedures or face the consequences. But not all organizations are sweating. The Philadelphia Stock Exchange shares its approach to meeting regulations—including managing auditors and staying competitive.
IT Compliance Institute (July 19, 2005)

Case Study: Containing Endpoint Infections
How can organizations better contain virus outbreaks and defend against destructive or mass-mailing worms?
Enterprise Systems (July 19, 2005)

Microsoft and Apple Patch Operating Systems
Microsoft patches two buffer overflow vulnerabilities, Apple patches OS X 10.4
Enterprise Systems (July 19, 2005)

Q&A: Workarounds for Active Directory's Limitations
Too often, Microsoft’s Active Directory and its Group Policy Objects don't offer the granularity security administrators need.
Enterprise Systems (July 12, 2005)

Enterprises Battle Cyber-Criminals, Targeted Attacks
Automated worms and malware-borne invaders are still wreaking havoc in the enterprise, and financial losses from cyber-criminals are increasing.
Enterprise Systems (July 12, 2005)

Q&A: Are Fingerprints the Next Smart Card?
More organizations are using fingerprints for logging onto PCs and into sensitive applications.
Enterprise Systems (July 6, 2005)

Case Study: Choosing Hosted Enterprise IM
A financial firm faces regulations for monitoring and retaining IM communications.
Enterprise Systems (July 6, 2005)

June 2005

Enterprises Struggle with Identity Management Roles
Identity management software adoption is increasing, but many organizations still rely upon too many group permissions to effectively manage their implementations.  
Enterprise Systems (June 29, 2005)

CSO Worries High, Actions Lax
CSOs worry about infected or unknown PCs logging onto their networks, but only one-third of companies are doing something about it  
Enterprise Systems (June 29, 2005)

In Brief
Targeted Trojan Attacks Increase, Security Zaps Productivity, Spyware Distributor Settles
Enterprise Systems (June 29, 2005)

Q&A: How to Get and Keep a Security Job
Focus on social networking, ongoing analysis of today’s most-needed information security skills, and a diverse training regimen.
Enterprise Systems (June 22, 2005)

Guarding Against Esoteric Security Leaks
Analyzing esoteric attacks highlights where security can succeed and how secure devices can fail in unforeseen ways.
Enterprise Systems (June 22, 2005)

In Brief
Beware Standalone Patch Products, Banks Adopt More Security, Improving Can-Spam
Enterprise Systems (June 22, 2005)

Q&A: Moving to Web Services Identity Management
Architecting fine-grained access to Web Services for many users at multiple organizations is difficult to implement or audit using identity management software. We discuss alternatives.
Enterprise Systems (June 15, 2005)

How to Lower Security Compliance Costs
How organizations can get (and stay) compliant while spending less
Enterprise Systems (June 15, 2005)

In Brief
Bluetooth Attack Compromises PINs, New Smart Phone Malware, Charting the E-mail Security Market
Enterprise Systems (June 15, 2005)

Case Study: Energy Company Monitors IM
The need to protect its IM users from outside attacks, spam, and regulatory requirements leads Kansas’ largest electric utility to adopt IM monitoring software.
Enterprise Systems (June 8, 2005)

Caveat Browser: Mozilla Targeted
Will security flaws dent Mozilla's status as a trusted alternative to Internet Explorer?
Enterprise Systems (June 8, 2005)

In Brief
Microsoft Updates XP WiFi Security, Worm Goes Right-Wing
Enterprise Systems (June 8, 2005)

Q&A: Sorting Out Desktop Protection Technologies
The differences between signature-based, access control, and intrusion prevention products
Enterprise Systems (June 1, 2005)

Few Organizations Increase Spending to Improve Security
While operator errors get blamed for the majority of security incidents, organizations aren’t budgeting a fix.
Enterprise Systems (June 1, 2005)

In Brief
CA Antivirus Vulnerabilities; AOL Patches New Netscape; Beware Phishing E-mails Bearing Keylogging Software; New Trojan Encrypts PCs
Enterprise Systems (June 1, 2005)

May 2005

Three Good Reasons to Look at Database Security Software
If you're relying on your database for access authentication, administration, and auditing, you may be on shaky ground. These core information security features aren't built into most database management systems. Third party tools can fill the gaps, but what kinds of functionality should security managers look for?
IT Compliance Institute (May 31, 2005)

Severity of Spyware Attacks Escalates
Despite dedicated software to defend the enterprise, the economics of spyware leads attackers to respond with more complex attacks or attacks aimed at just one company.
Enterprise Systems (May 25, 2005)

Best Practices: Defending Against Insider Attacks
A new report from CERT and the U.S. Secret Service shows how to begin preventing insider attacks.
Enterprise Systems (May 25, 2005)

In Brief
Avoiding Time Warner’s Backup Mistakes; Learning from Loveletter; Tivoli Offers Security Index
Enterprise Systems (May 25, 2005)

Q&A: Is Microsoft's Security Trustworthy?
Three years after Microsoft launched an initiative to improve its products’ security, we talk to information security veteran Gary Morse, president of Razorpoint Security Technologies, about the results.
Enterprise Systems (May 18, 2005)

Case Study: Continental Secures Remote Access, Trims Costs
Sometimes the drive for better security can also bring cost savings.
Enterprise Systems (May 18, 2005)

In Brief
Prosecuting Spyware Makers, A New Endpoint Security Standard
Enterprise Systems (May 18, 2005)

Data Defense: Six Practices for Safeguarding Information
Databases are under the gun, with a spate of recent database breaches and backup-tape losses leading the headlines. While database security isn’t a new topic for regulated companies, today’s environment makes it imperative to properly lock down databases automatically. Here are policies and procedures to help.
IT Compliance Institute (May 17, 2005)

Q&A: Enterprises Shift to All-in-One Security Appliances
Why use separate firewall, intrusion detection and prevention, gateway antivirus, and VPN products when one appliance can handle it all?
Enterprise Systems (May 11, 2005)

SANS Top Vulnerability List Gets Quarterly Updates
List helps prioritize vulnerability patching
Enterprise Systems (May 11, 2005)

In Brief
Sober.V Spreads, Apple Fixes 20 OS X Vulnerabilities, Mytob Tops Virus List
Enterprise Systems (May 11, 2005)

Five Bluetooth security basics
A step-by-step guide.
SearchSecurity.com (May 10, 2005)

Q&A: The Future of Service-Oriented Architecture Security
WS-Security, Liberty, and SAML play nice together
Enterprise Systems (May 4, 2005)

Web Site Attacks Continue to Rise Sharply
Attacks against Web sites, including Web-site defacements, are on the rise.
Enterprise Systems (May 4, 2005)

In Brief
Data Storage Security a Concern; Symantec’s 64-Bit Antivirus; Multiple Mozilla, Netscape Vulnerabilities
Enterprise Systems (May 4, 2005)

April 2005

Q&A: How to Assess Pharming Threats
Pharming attacks are on the rise. Should your organization be concerned?
Enterprise Systems (April 27, 2005)

Your Next Battle Front: Network-Based Worms
As the effectiveness of e-mail worms decreases, attackers turn to network-based worms.
Enterprise Systems (April 27, 2005)

In Brief
Eight Firefox Vulnerabilities; Microsoft Previews Longhorn Security; Windows XP SP2 Rollout Lags
Enterprise Systems (April 27, 2005)

Secure the Farm: Evaluating Secure Storage Appliances
Database encryption protects critical data, while reducing the administrative cost and risks attached to its storage, transportation, and management.
IT Compliance Institute (April 26, 2005)

Case Study: Data Warehouse Survives Corporate Restructuring
When Intelsat, a commercial satellite services provider with 28 geostationary satellites, changed from a non-profit, intergovernmental organization to a for-profit, commercial company, it needed real-time feedback as it literally rebuilt itself--from sales to marketing to management.
Business Intelligence Journal (April 21, 2005)

Q&A: How to Secure a Critical Infrastructure
A cybersecurity group works to improve security in the chemical industry.
Enterprise Systems (April 20, 2005)

Spend Less, Secure More
Companies that better target their security spending actually spend less and have more effective security programs
Enterprise Systems (April 20, 2005)

In Brief
Ten Microsoft Problems; Lotus Notes and Domino Vulnerabilities
Enterprise Systems (April 20, 2005)

Out of Breach: Eight Ways to Beat IT Policy Resistance
Nobody loves reading IT policies, but every employee must adhere to them. From designing readable policies to making reasonable exceptions, IT and compliance managers must apply both professional insight and personal intelligence to policy enforcement. Eight best practices can help IT managers beat employee resistance to new policies.
IT Compliance Institute (April 19, 2005)

Database Security Requires a Multi-Pronged Approach
Regulations are leading organizations toward automated database intrusion prevention, auditing, and encryption
Enterprise Systems (4/13/2005)

Q&A: Security Best Practices Include Automated Remediation
Automated vulnerability remediation exists, but most companies still take a manual approach
Enterprise Systems (4/13/2005)

In Brief
Executives Decry Cost of SOX, IM Security Still a Concern, and a Mobile Phone Worm Evolves
Enterprise Systems (4/13/2005)

Securing Web Services in a Regulatory Environment
To secure Web services and meet regulatory requirements, organizations must keep their business and IT agendas aligned.
IT Compliance Institute (April 12, 2005)

What's Ahead for Enterprise Anti-Spyware
Performance takes biggest hit from spyware today; look out for spyware working as a phishing aid
Enterprise Systems (4/6/2005)

From One Security Nightmare To Another
Security managers have boosted antivirus and firewall protection, but enterprises may need to switch gears as new regulations target how enterprises handle personally identifying data
Enterprise Systems (4/6/2005)

In Brief
Symantec Antivirus Vulnerability; New Identity Management Acquisitions; NIST Releases HIPAA Security Guide
Enterprise Systems (4/6/2005)

Mortgage Data Network Tackles GLB Compliance
Companies handling confidential customer data must do more than claim their information is secure: they must prove they’re above reproach.
IT Compliance Institute (4/5/2005)

March 2005

The CLEC Marketplace Today
Common Local Exchange Carriers: Rising from the ashes.
Pipeline (March 2005)

Taming Smart Phones
If your phone is so smart, why is it an enterprise security risk?
Enterprise Systems (3/30/2005)

Case Study: Bank Audits Vulnerabilities with Security Appliance
Cape Cod Cooperative Bank chooses a dedicated appliance to scan its network for vulnerabilities
Enterprise Systems (3/30/2005)

In Brief
Free Stuff a Security Risk; New Firefox Flaws Surface
Enterprise Systems (3/30/2005)

InfoSec Synergies: Aligning Standards Improves Security
Pre-packaged policies and new "crosswalks" between HIPAA requirements and major security standards help companies blaze a faster trail to proven, defensible information security practices.
IT Compliance Institute (3/29/2005)

Ignorance of Spyware in the Enterprise Still High
What happens when an organization with spyware problems can’t install anti-spyware software on every system?
Enterprise Systems (3/23/2005)

Lack of Messaging Controls = Regulatory Risk
Mobile phones, lack of policies expose the enterprise
Enterprise Systems (3/23/2005)

In Brief
Criminal intentions behind half of all attacks; mass-mailing worms on the outs
Enterprise Systems (3/23/2005)

Q&A: Endpoint Security for Unknown Devices
How can IT managers secure endpoints over which they have no control?
Enterprise Systems (3/16/2005)

Tips for CSOs: How to Discuss Security Issues with Executives
Many CSOs still have difficulty communicating security requirements to their more business-oriented peers.
Enterprise Systems (3/16/2005)

In Brief
Forrester pushes personal firewalls, virus writers join forces, Windows rootkits circulate, Symantec sees kid sites awash in adware
Enterprise Systems (3/16/2005)

Corporate Security Awareness Grows but Funding Lags
Survey shows security managers still face budget battle. (Reprint)
IT Compliance Institute (3/15/2005)

Q&A: Security Policy Best Practices
Communication and monitoring are key, but policies must evolve with changing regulations and new technologies
Enterprise Systems (3/9/2005)

Social Engineering Bypasses Information Security Controls
Identity theft draws media attention; phishing attacks skyrocket
Enterprise Systems (3/9/2005)

In Brief
Automating E-Mail Retention, Industry Forms VoIP Security Alliance
Enterprise Systems (3/9/2005)

Best Practices in VoIP Security
Don't forget to secure your VoIP network
Enterprise Systems (3/2/2005)

Corporate Security Awareness Grows but Funding Lags
Survey shows security managers still face budget battle
Enterprise Systems (3/2/2005)

In Brief
Resistance, then acceptance of automated e-mail retention; reports of spam’s decline premature
Enterprise Systems (3/2/2005)

Finding Better Opportunities for Automation ROI
SOX Approach Shifts From Tactical to Strategic
IT Compliance Institute (3/1/2005)

Ten Best Intranets of 2005
This 235-page report reviews the designs and usability of the world's ten best intranets. (Coauthored with Kara Pernice Coyne and Jakob Nielsen.)
Nielsen Norman Group (March 2005)

February 2005

Buyer Beware: Putting Intrusion Protection to the Test
A new report examines IPS products in rigid performance, security, and usability tests.
Enterprise Systems (2/23/2005)

Unraveling Common VPN Flaws
Chances are your VPN is vulnerable
Enterprise Systems (2/23/2005)

In Brief
Anti-spyware fallout, CTOs urge online crime taskforce, Microsoft specs IE7, mobile phone virus arrives in U.S.
Enterprise Systems (2/23/2005)

How Much Security Is Too Much?
Profiling the Institute for Security and Open Methodologies (ISECOM), which promotes practical, vendor-neutral security through open-source security methodologies.
InformIT.com (February 18, 2005)

Locking Down Laptops
Keeping hard drive data encrypted is more important than ever
Enterprise Systems (2/16/2005)

Scale is Everything for Pentagon’s Digital Security
The Department of Defense adopts new certification verification processes
Enterprise Systems (2/16/2005)

Microsoft Update Onslaught Targets Spyware, Viruses
Experts say Microsoft could be leading the charge for antivirus and anti-spyware software that runs from a single interface
Enterprise Systems (2/16/2005)

Case Study: Virtual Patches Defend Web Applications
Web-application firewalls protect against unknown attacks
Enterprise Systems (2/9/2005)

Q&A: Preventing “Applications Gone Wild”
Software can establish a baseline of "normal" application activity, then sound the alarm when an app behaves erratically
Enterprise Systems (2/9/2005)

In Brief
CSOs concerned by malware and regulations; top IM security predictions; Eudora vulnerability
Enterprise Systems (2/9/2005)

Putting Next-Generation Smart Cards to Work
Two trends are driving the growth of digital signatures for sign-off and revisions of digital documents
Enterprise Systems (2/2/2005)

Control Systems Leave Manufacturers Vulnerable
Manufacturers' inability to patch their computers against every newly discovered virus and worm leaves their systems highly exposed
Enterprise Systems (2/2/2005)

In Brief
Security hiring growth slow but steady; end-users blame ISPs and product vendors for spam
Enterprise Systems (2/2/2005)

The Good-Intention Gap: Records Management Realities
A “credibility gap” between the good intentions of organizations and what employees actually do highlights critical flaws in information-management.
IT Compliance Institute (2/1/2005)

Compliance Drives Network Security Spending in 2005
In 2005, will the market view of compliance as a business and operational challenge overshadow compliance as an IT point-problem?
IT Compliance Institute (2/1/2005)

January 2005

Defection to More-Secure Browsers? Don't Bet On It
With more-secure browser alternatives now available, will IE go by the boards?
Enterprise Systems (1/26/2005)

Top 10 Data Center Dangers
Many organizations skimp on maintaining healthy data centers, putting security at risk
Enterprise Systems (1/26/2005)

In Brief
2005 security growth areas, tricking code to reveal its flaws, and a mobile-phone virus gets legs
Enterprise Systems (1/26/2005)

Case Study: Adopting Inverted Firewalls
How to safeguard an educational network when its users face few rules and resources don’t exist to police them closely
Enterprise Systems (1/19/2005)

Security Spending Trends for 2005
What's hot in security spending this year
Enterprise Systems (1/19/2005)

In Brief
Automated bots crawl Internet for spyware, and the NSA talks about securing Mac OS X installations
Enterprise Systems (1/19/2005)

Information Security Compliance: Outsourcing Grows
This year is likely to mark a sea-change in companies’ willingness to outsource information security practices. As compliance deadlines loom, many CIOs are opting out of building in-house security practices and turning to managed-security services vendors as a more viable and reliable compliance option.
IT Compliance Institute (1/18/2005)

Q&A: Open Source Network Vulnerability Scanners
Vulnerability management is no longer about maintaining perfectly patched machines.
Enterprise Systems (1/12/2005)

Case Study: Protecting Hospitals’ Increasingly Networked Systems
HIPAA mandates penalties for data disclosure. Here's how a hospital went about finding an intrusion detection solution.
Enterprise Systems (1/12/2005)

In Brief
Continuing Internet Explorer vulnerabilities; FTC sweep for GLBA compliance snares two companies
Enterprise Systems (1/12/2005)

Untangling Endpoint Security Initiatives
Two endpoint security initiatives are underway—one from Cisco, the other from Microsoft. We take a closer look at these plus the evolution of endpoint security.
Enterprise Systems (1/5/2005)

Critics Blast Cybersecurity at Department of Homeland Security
When it comes to information security, does the U.S. Department of Homeland Security have a blind spot?
Enterprise Systems (1/5/2005)

In Brief
Problems with Adobe Acrobat, Microsoft .NET, and phpMyAdmin
Enterprise Systems (1/5/2005)

Opening the Black Box: IT Controls Aid Compliance
By helping companies to document cryptic IT processes, development frameworks promote compliance and improve productivity along the way.
IT Compliance Institute (1/4/2005)

This page last updated: 28-Jan-2013

Mathew Schwartz
Mat@PenandCamera.com