Site Sponsor:
Ask the Expert
Search this site
Entries from Realtime Community | Messaging and Web Security tagged with 'compliance'
Key to Online Apps Success: Control, Control, Control
BusinessWeek asks what's Holding back Google Apps?. The answer is the same thing that always kills deals to move corporate data to the cloud: control....
Posted by Dan Sullivan on May 14, 2009 12:22 PM
Massachusetts Delays New Data Protection Regulation
An early Christmas gift for companies doing business in Massachusetts: the state has postponed until May 1, 2009 the implementation of a new data protection regulation....
Posted by Dan Sullivan on December 22, 2008 1:20 AM
No, We Aren't Doomed
Everyone with an interest in the state of IT security should read Lenny Zeltser's post at SANS entitled "Are We Doomed", which as the name implies, list reasons we'll continue to be plagued by difficult security challenges but it also...
Posted by Dan Sullivan on November 19, 2008 7:58 AM
Palin Email Hack Shows Why Mixing Business & Personal Emails Such a Bad Idea
Checking your personal email from a corporate system is one thing, using a personal account to conduct business is another. The former is one of those balancing risk and functionality questions. We all have busy lives and many of us...
Posted by Dan Sullivan on September 19, 2008 8:52 AM
Fines Part of Cost of Security Breach
LPL Financial Corporation has agreed to pay a $275,000 penalty to the Securities and Exchange Commission (SEC) for failing to adopt policies and procedures to safeguard their customers' personal information, leaving at least 10,000 customers vulnerable to identity theft following...
Posted by Dan Sullivan on September 12, 2008 10:19 AM
Implementing Centralized Policy Management
We've just posted a new article on centralized policy management. Here is an excerpt:...
Posted by Dan Sullivan on September 9, 2008 12:44 PM
Improving Policy Compliance with Automatic Remediation
We've posted a new article on policy compliance and remediation. Here's an excerpt:...
Posted by Dan Sullivan on August 28, 2008 8:37 AM
Getting Started with Governance, Compliance and Risk Management
Governance, compliance and risk management (GCR) is a broad, demanding and sometimes intimidating topic but there are strategies for getting GCR under control. This podcast describes a seven step process for getting a GCR program started with an emphasis on...
Posted by Dan Sullivan on August 6, 2008 9:34 AM
Management Issues in Full Disk Encryption
Full disk encryption can be a significant part of a data loss prevention program but it comes with management challenges. This podcast discusses some of the advantages and management issues faced when deploying and maintaining full disk encryption for mobile...
Posted by Dan Sullivan on July 29, 2008 6:00 PM
Cloud Computing Security
There are many advantages of cloud computing, like the promise of resources on demand and lower costs, but improved security isn't one of them....
Posted by Dan Sullivan on July 15, 2008 6:17 AM
Real Compliance Requires Technical Expertise
Network World published an interview with an Ex-Bear Stearns CISO on compliance which raises some pressing questions but I think falls short on the right answer....
Posted by Dan Sullivan on July 14, 2008 1:45 PM
Supermarket Breach, PCI and Responsibility
Details of the Hannaford Bros. supermarket breach are still limited but one thing has been clear from the beginning and that is that the retailer claimed it was PCI compliant. This immediately raises a number of questions that can't be...
Posted by Dan Sullivan on March 24, 2008 10:17 AM
Latest Retail Breach Targets Data During Transmission
The grocery chain Hannaford Bros. Co. was hit by a sizable data breach from December 2007 to March 2008. Mastercard and Visa have notified member banks about the breach which involved the theft of card numbers and expiration dates during...
Posted by Dan Sullivan on March 18, 2008 8:49 AM
What Good is a Security Policy if We Ignore It?
Anton Chuvakin points out in his ComputerWorld opinion piece Security policy in the age of compliance that even security professional ignore security policies. He cites a Ponemon Institute study that found: more than half of the 890 respondents said that...
Posted by Dan Sullivan on January 28, 2008 8:46 AM
Database Auditing
We've just added an article on database auditing to the Messaging and Web Security Essential Series. Here is an excerpt: Database security is gaining more attention and justifiably so. Concerns about compliance, privacy protection and data loss will naturally lead...
Posted by Dan Sullivan on December 7, 2007 12:25 PM
5 Things to Consider with Mobile Device Encryption
An article on mobile device encryption has just been added to the Essential Series: Messaging and Web Security Volume II. Here's an excerpt: There is no shortage of headlines about lost or stolen laptops containing confidential data. There is also...
Posted by Dan Sullivan on November 30, 2007 10:04 AM
Should You Use Online Replacements for Desktop Applications? 12 Things to Consider Before Making the Move
If you are considering Google Apps, Zoho, ThinkFree or other online applications to replace or complement Microsoft Office, here are 12 things to consider before making the move. This podcasts groups the 12 topics into 3 broad categories: functionality, technical...
Posted by Dan Sullivan on November 13, 2007 2:56 PM
Data Protection Bill killed in California
Just last week, I wrote on the Canadian governments move to improve privacy protections. This week the news is about Arnold Schwarzenegger vetoing a data protection bill in California. The bill tried to out do PCI DSS, which some retailers...
Posted by Dan Sullivan on October 15, 2007 9:57 AM
More Security and Compliance Tools for Google Apps
Associated Press reports Google will make an announcement later today about an upgrade to their corporate email service. The tools acquired in the Postini acquisition will likely be the center of attention. Founded in 1999, Postini provides tools that insulate...
Posted by Dan Sullivan on October 3, 2007 7:45 AM
Microsoft Makes More Moves to Software as a Service
Microsoft is making more announcements about its strategy to implement some kind of Web-based Office solution. We've been waiting for details on how Redmond would respond to Google Apps and the demise of pay-for-local-use word processing/spreadsheet/presentation software. The details are...
Posted by Dan Sullivan on October 1, 2007 8:35 AM
McAfee CEO: Cybercrime Bigger Than Drug Trade
In a keynote address to the InformationWeek 500 conference, McAfee CEO David DeWalt summarized the state of cybercrime and the security market, including something of a wake up call: DeWalt said "it's amazing how low the awareness is of cyber-security...
Posted by Dan Sullivan on September 19, 2007 7:37 AM
Data Loss Prevention Tools - What the Market Has to Offer
Data loss prevention (DLP) tools can mitigate the risk of accidental and deliberate disclosure of private and confidential data. Compliance and intellectual property protection are two drivers behind the increasing importance of DLP. This podcast describes the current state of...
Posted by Dan Sullivan on August 27, 2007 12:34 PM
TJX Breach Costs Continue or How to Save Your Company Almost $112 Million
TJX's second quarter FY08 earnings estimates include an high level description of the cost of the data breach reported earlier this year. The company paid out $11 million during the quarter and set aside another $107 million to cover future...
Posted by Dan Sullivan on August 15, 2007 7:33 AM
Data Breaches Threaten Intellectual Property and Bottom Line
As a follow up to an earlier post on data breaches and intellectual property, see Data breaches, compliance drive intellectual property protection The study found that more than one-third of organizations not using data loss prevention technology had information stolen...
Posted by Dan Sullivan on July 11, 2007 11:12 AM
Google Acquires Security Vendor Postini
Google understands that software as a service requires security as a service so they’ve put $625 million on the table to buy Postini. Enterprises aren’t going to move to Google Apps or any other software service unless they can trust...
Posted by Dan Sullivan on July 9, 2007 9:31 AM
Which is Better: BitLocker or Hardware Encryption?
Eweek covers Gartner analyst Neil MacDonald's take on Vista's BitLocker encryption. Overall the assessment is good but there are a few drawbacks. For starters, you have to subscribe to Microsoft's Security Assurance program to get BitLocker to get it "for...
Posted by Dan Sullivan on June 7, 2007 7:55 AM
Getting Started with Security Information Management
Effective security management requires more than deploying firewalls and anti-virus software. Getting started with security information management is challenging but this podcast provides an overview of how to proceed. Starting with planning and moving through policy development to addressing key...
Posted by Dan Sullivan on May 1, 2007 4:55 PM
Improving Security of Online Transactions
The steady stream of security breaches is taking its toll on consumer confidence. Andrea Klein at E-Commerce Times points out: [T]he Ponemon Institute, a research and education organization focusing on information and privacy practices, revealed in its "2006 Privacy Trust...
Posted by Dan Sullivan on February 13, 2007 8:54 AM
Compliance and Web Application Security
Regulations made clear the need to protect the privacy and integrity of information. One aspect of meeting those requirements is securing Web applications that collect, manage and analyze that information. This podcast examines some common security problems in Web applications...
Posted by Dan Sullivan on December 26, 2006 5:03 PM
Is Compliance the Key to Raising Security Awareness?
The Confernce Board, a leading business research group, produced a report for the U.S. Department of Homeland Security on executive attitudes about information security. Some of the results, reported by TechWeb are discouraging. A fundamental problem is that many executives...
Posted by Dan Sullivan on November 13, 2006 8:23 AM
Supporting Compliance with Risk Management
Understanding and addressing risk is fundamental to compliance. Risk management requires identifying risks, assessing the potential impact of those risks, and reducing those risks. This podcasts provides an overview of the risk analysis process with an emphasis on managing IT...
Posted by Dan Sullivan on November 10, 2006 11:21 PM
Preventing Data Loss is Key Element of Compliance
Compliance with Sarbox, GLBA, HIPAA and a number of other regulations has become a key driver behind information security decision making. This does not necessarily change how security professional do their job, but it will provide for higher profile recognition...
Posted by Dan Sullivan on November 8, 2006 7:55 PM
Good Cyber-Citizenship or Self-Incrimination?
Some of the most problematic malware these days has a decidedly economic driver behind it. Trojans, keyloggers, botnets and other information stealing and resource controlling malware are the foundation for a underground cyber economy where credit card numbers and PayPal...
Posted by Dan Sullivan on October 25, 2006 9:33 AM
Feed Subscription
If you use an RSS reader, you can subscribe to a feed of all future entries tagged 'compliance'. [What is this?]
Other Tags
Other tags used on this blog:
- 0 day (1)
- 2-factor authentication (1)
- 2008 Summer Olympics (1)
- access control (3)
- access controls (12)
- account sharing (1)
- Acer Aspire (1)
- ACLU (1)
- Active Management Technology (1)
- ActiveX (1)
- ActiveX vulnerability (1)
- ad blocking (1)
- Ad Words (1)
- adaptive design (1)
- AdBlock Plus (1)
- Adi Shamir (1)
- Adobe (2)
- Adobe Acrobat (1)
- Adobe Flash (1)
- Adobe Reader (1)
- adult content (1)
- adult sites (1)
- advertising (3)
- adware (6)
- AI (1)
- Air Force (2)
- air traffic control (1)
- AJAX (2)
- Ajax (6)
- Ajax security (3)
- Alienware (1)
- Altiris (3)
- Amazon (2)
- Amazon compute services (1)
- Amazon EC2 (1)
- Amazon S3 (4)
- Amazon Web Services (1)
- AMTSO (1)
- Amzaon EC2 (1)
- Amzon S3 (1)
- and Sun (1)
- Android (11)
- anit-malware (1)
- anit-virus (1)
- anonymizer (1)
- anonymizing data (1)
- anonymous browsing (1)
- anonymousizer (1)
- anti-forensic (1)
- anti-forensics (1)
- anti-Islamist (1)
- anti-malware (12)
- Anti-Malware Testing Standards Organization (1)
- anti-pharming (1)
- anti-phishing (14)
- anti-spam (8)
- anti-spyare (1)
- anti-spyware (5)
- anti-virus (53)
- anti-virus filtering (1)
- AOL (2)
- Apache (2)
- Apple (19)
- Apple Safari (1)
- appliance (1)
- applicaiton security (1)
- application backdoor (1)
- application development (4)
- application firewall (1)
- application firewalls (3)
- Application security (1)
- application security (35)
- application server security (1)
- application stack (1)
- application testing (4)
- application vulnerability (1)
- application vulnerability assessment (1)
- Arbor Networks (1)
- Aritficial intelligence (1)
- arrest (3)
- Ask (1)
- Ask.com (1)
- AskEraser (2)
- asset management (2)
- Asus (1)
- Asus Eee (6)
- Asus EEE (2)
- Asus eee (1)
- Asus Eee PC (3)
- AT&T (5)
- attack code (1)
- attackers (1)
- attacks (1)
- auction (2)
- audit (6)
- auditing (12)
- audits (1)
- authenticated email (1)
- authentication (11)
- authorization (5)
- AV (1)
- backup (7)
- backup and recovery (2)
- backups (1)
- badware (1)
- bandwidth (1)
- bank bailout (1)
- Bank fraud (1)
- bank fraud (4)
- Bank of America (1)
- Bank of New York Mellon (1)
- banking (2)
- Barack Obama (6)
- Barak Obama Blackberry smartphone mobile device security policy (1)
- Barracuda (1)
- bayesian filter (1)
- Bayesian filtering (1)
- BBC (1)
- BEA (1)
- BEA Weblogic (1)
- BearShare (1)
- behavior tracking (1)
- behavioral analysis (2)
- Beijing Olympics (1)
- best practices (8)
- BGP (2)
- Bhutto assassination (1)
- Biden (1)
- Bitlocker (1)
- BitLocker (3)
- Black Hat (3)
- Black Hats (1)
- black holes (1)
- Blackberry (3)
- blackberry (1)
- blacklist (2)
- Blacksberry (1)
- Blacksburg (1)
- blended threats (2)
- blocking (1)
- blog (2)
- blogs (1)
- Blue Coat (1)
- Bluethooth (1)
- Bluetooth (1)
- bonet (1)
- Boot and Nuke (1)
- boot n nuke (1)
- Border Gateway Protocol (2)
- border patrol (1)
- Boston Mass Transit Authority (1)
- bot (10)
- Botnet (1)
- botnet (29)
- botnets (22)
- bots (1)
- branding (1)
- brandjacking (1)
- Broadcom (1)
- brokerage accounts (1)
- brokerage firms (1)
- broswer (1)
- broswer security (2)
- browser (8)
- browser cache (1)
- browser extensions (2)
- browser interface (1)
- browser secuity (1)
- browser security (18)
- browser securtiy (1)
- browser sniffing (1)
- browser vulnerability (1)
- Bush (1)
- Bush administration (1)
- business alignment (1)
- business case for security (1)
- business computing (1)
- business continuity (1)
- business intelligence (1)
- cache poisoning (1)
- calendar (1)
- camera phone (1)
- campaign (1)
- campaigns (1)
- CAN Spam (1)
- Canada (1)
- captcha (1)
- CAPTCHA (1)
- career development (1)
- categorizing (1)
- cDc (1)
- cell phone (1)
- cell phones (1)
- cellphone (1)
- censorship (5)
- CERT (2)
- certification (1)
- CertifiedEmail (1)
- CES (1)
- change management (3)
- chaos (1)
- chat room (1)
- CheckPoint (2)
- child pornography (1)
- China (4)
- Chinese military (1)
- Chrome (2)
- CIO (1)
- Cisco (4)
- civil liberties (1)
- Clearwire (1)
- clickfraud (1)
- client security (3)
- Clinton (1)
- cloud computing (22)
- cloud security (4)
- CloudSQL (1)
- clustering (1)
- CMDB (1)
- cms (1)
- COBIT (6)
- code review (3)
- codecs (1)
- Colbert Report (1)
- collaboration (3)
- college (2)
- Comcast (2)
- Comcast net neutrality FCC (1)
- command and control (2)
- Common Cause (1)
- communication (1)
- complex event processing (1)
- complexity (3)
- compliance (33)
- compliance regulation (2)
- composting (1)
- compromised Web sites (2)
- computer crime (1)
- computer crime investigations (1)
- computer security (3)
- Computer Security Institute (1)
- computer survelliance (1)
- ComputerWorld (1)
- computing (1)
- computing services (1)
- Conficker (2)
- confidentiality (2)
- configuration (1)
- configuration management (2)
- consolidated security (1)
- constraint programming (1)
- constraint satisfaction (1)
- Consumer Electronics Show (1)
- content filter (5)
- content filtering (17)
- content filters (1)
- content management (2)
- content management system (3)
- control systems (1)
- copyright (4)
- copyright violation (2)
- copyrighted movies (1)
- copyrighted music (1)
- Core Security Technologies (1)
- Coreflood (1)
- counter-terrorism (1)
- counterfeit (1)
- counterintelligence (1)
- countermeasuer (1)
- countermeasures (2)
- Country Wide (1)
- Cox Communications (1)
- cracking (1)
- crawling (1)
- credit card (4)
- credit card fraud (7)
- credit card security (1)
- credit card theft (4)
- credit fraud (1)
- credit monitoring (3)
- credit reporting (1)
- crime (1)
- crimeware (3)
- critical infrastructure (2)
- critical patch (3)
- critical patch update (3)
- critical patch updates (1)
- cross site request forgery (1)
- cross site scripting (2)
- cross site scripting attacks (1)
- cross-doemain trust (1)
- cross-site scripting (2)
- cryptanalysis (1)
- cryptography (4)
- CSI (1)
- CSO (1)
- CSRF (3)
- CTIA (1)
- Cult of Dead Cow (1)
- customs (1)
- cyber attack (1)
- cyber attacks (1)
- cyber crime (1)
- cyber insurance (1)
- Cyber Monday (2)
- cyber-attack (2)
- cyber-security (1)
- cyberattack (4)
- cyberchat (1)
- cybercime (1)
- cybercrime (52)
- Cybercrime (2)
- cybereconomy (1)
- cybersecurity (14)
- cybersquatters (1)
- cybersquatting (1)
- cyberwar (2)
- cyberwarefare (1)
- cyberwarfare (6)
- cyptography (1)
- czar (1)
- Daily Show with John Stewart (1)
- Dan Kaminsky (1)
- DARPA (1)
- Darwin Awards (2)
- data breach (46)
- data breaches (2)
- data classification (3)
- data discovery (1)
- data inference (1)
- data integration (1)
- data leak (15)
- data leaks (11)
- data loss (19)
- data loss disclosure laws (1)
- data loss pervention (1)
- Data loss prevention (1)
- data loss prevention (88)
- data loss prevention disk wiping (1)
- data loss protection (5)
- data mart (1)
- data mining (2)
- data modeling (1)
- data privacy (1)
- data protection (1)
- data security (1)
- data standards (1)
- data warehouse (1)
- data warehousing (1)
- database (2)
- database administration (1)
- database auditing (2)
- database breach (1)
- database design (1)
- database encryption (2)
- database monitoring (4)
- database security (61)
- database vulnerabilitiy (1)
- database vulnerability (2)
- databasse security (1)
- David Blaine (1)
- DB2 (2)
- DBA (3)
- dban (1)
- DDOS (4)
- ddos (4)
- DDoS (2)
- dealing with evolving malware (1)
- debate (1)
- debit card theft (1)
- decryption (1)
- default passwords (1)
- DefCon (1)
- defense in depth (7)
- Dell (3)
- Democratic Party (1)
- Democratic primary (1)
- Democratic Primary (1)
- demographics (1)
- denial of service (8)
- denial of service attack (5)
- denial of service attacks (1)
- Department of Defense (4)
- Department of Homeland Security (1)
- Department of Justice (1)
- deregulation (1)
- dermatitis (1)
- design flaw (1)
- design flaws (1)
- desktop (3)
- desktop application security (1)
- desktop applications (4)
- desktop replacements (1)
- desktop search (2)
- developerWorks (1)
- development (1)
- development environment (1)
- development methodology (1)
- development tools (1)
- device security (1)
- DHS (4)
- Diebold (1)
- Diffie-Hellman (1)
- Digg (2)
- digital certificates (2)
- digital forensic (1)
- digital forensics (2)
- digital rights management (3)
- digital signatures (5)
- disgruntled employee (3)
- disk drive (1)
- disk encryption (1)
- disk recovery (1)
- disk scanning (1)
- distributed computing (1)
- distributed denial of service (1)
- DKIM (2)
- DLP (8)
- DNS (9)
- dns poisoning (1)
- DNS poisoning (2)
- DNS vulnerability (1)
- Do Not Track (1)
- DOC spam (1)
- document spam (1)
- DOD (1)
- DoJ (1)
- domain (1)
- domain hijacking (1)
- domain integrity (1)
- Domain Keys (1)
- Domain Keys Identified Mail (1)
- domain kiting (1)
- domain name system (1)
- domain registration (1)
- domain squatting (1)
- DomainKeys (2)
- DOS (2)
- DoS (2)
- Doubleclick (1)
- DoubleClick (1)
- drive by download (2)
- drive by downloads (5)
- drive-by downloads (3)
- drive-by malware (1)
- DRM (4)
- drunk texting (1)
- Dutch Shell (1)
- DVD (1)
- dynamic analyis (1)
- e-commerce (1)
- e-discovery (2)
- e-mail (1)
- e-voting (12)
- e-waste (1)
- Earth Day (1)
- Earthlink (1)
- eavesdropping (2)
- eBay (4)
- Ebay (1)
- eclipse (1)
- economic downturn (2)
- economics (1)
- economics of cybercrime (1)
- ediscovery (1)
- EEC (1)
- EEF (1)
- election (1)
- elections (2)
- electronic ballots (1)
- electronic voting (2)
- email (16)
- email abuse (1)
- email archiving (1)
- Email client (1)
- email discovery (1)
- email filter (1)
- email filters (1)
- email monitoring (1)
- email policy (1)
- email security (15)
- email spoofing (1)
- employee monitoring (2)
- encrypted e-mail (1)
- Encryption (1)
- encryption (47)
- encryption keys (1)
- end user education (1)
- end user secuity (1)
- end user security (1)
- end user training (2)
- endpoint encryption (1)
- endpoint security (1)
- energy consumption (1)
- enterprise infrastructure (1)
- EnterpriseDB (1)
- ESet (1)
- espionage (1)
- ETL (1)
- EU (4)
- European Commission (1)
- European Union (4)
- EV certificates (1)
- EV SSL (6)
- EV SSL certificates (1)
- Eve Online (1)
- event correlation (1)
- EverQuest (1)
- evolution (1)
- Exchange (1)
- executive management (2)
- eXo (1)
- expansion pack (1)
- Expedia (1)
- exploit (3)
- Express Scripts (1)
- Extended Validation SSL (1)
- extended validation SSL (1)
- Extended Validation SSL Certificates (2)
- extortion (1)
- F-Secure (1)
- FAA (1)
- Facebook (10)
- Fast Company (1)
- fast flux (1)
- fast-flux (1)
- FBI (1)
- FCC (6)
- FDIC (1)
- Federal Deposit Insurance Corporation (1)
- Federal Rules of Civil Procedures (1)
- federal security (1)
- Federal Trade Commission (1)
- feedback (1)
- FERC (1)
- file encryption (1)
- file sharing (6)
- Final Fantasy (1)
- financial services (2)
- fines (1)
- Finjan (1)
- Firefox (18)
- FIrefox (1)
- Firefox plugin (1)
- FirePhish (1)
- firewall (2)
- firewalls (5)
- fiscal stimulus (1)
- FISMA (1)
- Flash (3)
- flash drive (1)
- flash drives (1)
- foreign relations (1)
- forensic analysis (1)
- forensics (7)
- form grabber (1)
- Fortune 100 (1)
- Fortune 500 (1)
- fraud (33)
- free credit monitoring (1)
- free market (1)
- free WiFi (1)
- FreeBSD (1)
- FTC (1)
- ftp (1)
- full disk encryption (6)
- G Data (1)
- gaming (1)
- gaming assets (1)
- gaming inventory (1)
- GAO (2)
- GDI (1)
- GE (1)
- Geert Wilders (1)
- genetic engineering (1)
- Geogia (1)
- Georgia Tech (1)
- Germany (1)
- globalization (1)
- Gmail (10)
- gmail (1)
- GMail (2)
- Goggle phone (1)
- Goodmail Systems (1)
- Google (61)
- google (1)
- Google ads (1)
- Google Applications (2)
- Google Apps (10)
- Google apps (1)
- Google Apps Engine (1)
- Google Blogger (1)
- Google Books (1)
- Google Calendar (1)
- Google Chrome (2)
- Google Desktop (1)
- Google desktop (2)
- Google Docs (4)
- Google email (1)
- Google Gears (3)
- Google Goggles (2)
- Google Groups (2)
- Google mail (1)
- Google operating system (1)
- Google Pack (1)
- Google Phone (2)
- Google phone (10)
- Google Toolbar (1)
- Goolag (1)
- Governance (1)
- governance (4)
- Gphone (2)
- gPhone (1)
- Grand Prix (1)
- Great Britan (1)
- green bar (2)
- Greenborder (1)
- greenhouse gases (1)
- GroupWise (1)
- hack (3)
- hackers (1)
- hackikng (1)
- hacking (48)
- HAL (1)
- Hannaford (3)
- harassment (1)
- hard drives (1)
- hardware error (1)
- Harvard Business Review (1)
- hash functions (1)
- HD-DVD (2)
- health care records management (1)
- Heartland (1)
- Heather Mills (1)
- HerbalKing (1)
- hijacked (1)
- Hillary Clinton (4)
- HIPAA (1)
- Hitachi (1)
- hoax (1)
- holiday (1)
- Homeland Security (2)
- homeland security (1)
- honeypot (1)
- honeypots (1)
- honypots (1)
- host (1)
- host integrity (2)
- host intrusion prevention (2)
- host intrusion prevetions system (1)
- host security (1)
- hosted malware (1)
- hostile workplace (1)
- hotel security (1)
- housing and urban development (1)
- HP (2)
- HP Info Center (1)
- HPMini-Note PC (1)
- HTML (1)
- HTML Injection (1)
- HTML injection (1)
- HTTP (1)
- HUD (1)
- human factors (2)
- human resources (1)
- Hushmail (1)
- hypervisor (1)
- IBM (11)
- IBM DB2 (1)
- IBM Websphere Portal (1)
- ICANN (1)
- identity management (8)
- identity theft (45)
- Identity theft (1)
- IE (4)
- IE 7 (2)
- IE7 (1)
- IE8 (1)
- IEEE Computer (1)
- iFrame exploit (1)
- illegal downloading (2)
- illegal software (1)
- IM (4)
- image analysis (1)
- image spam (3)
- Imeem (1)
- incident management (2)
- incident response (4)
- Indiana Jones (1)
- industrial espionage (1)
- industry regulation (1)
- information classifictaion (1)
- information leaks (4)
- information security (8)
- information technology (2)
- information theft (1)
- infrastructure (1)
- infrastructure protection (1)
- ING (1)
- ING Direct (1)
- Injection attack (1)
- injection attack (4)
- injection attacks (2)
- insider abuse (10)
- insider attack (4)
- insider threat (3)
- insider trading (1)
- instant messaging (3)
- insurance (1)
- Intel (4)
- Intel Dual Core (1)
- intellectual property (9)
- intellectual property theft (1)
- intelligence (1)
- intelligence agency (1)
- intelligence gathering (1)
- Interent Explorer (1)
- interface design (1)
- Internet (4)
- Internet access (1)
- Internet Explorer (16)
- Internet Explorer 7 (1)
- Internet rumor (1)
- Internet security (1)
- intrusion detection (1)
- intrusion prevention (7)
- intrustion detection (1)
- intrustion prevention (1)
- IP address (1)
- IP reputation filter (1)
- IP spoofing (1)
- iphone (3)
- iPhone (15)
- iPhone 2.0 (1)
- iPod (2)
- IPOWER (1)
- IPS (4)
- IRC (1)
- Irish Potato Famine (1)
- IRS (3)
- ISO 27002 (1)
- ISO-17799 (1)
- ISP (14)
- Isreal (1)
- IT (2)
- IT budget (1)
- IT budgeting (1)
- IT infrastructure (1)
- IT management (2)
- IT security (1)
- IT services (1)
- IT spending (1)
- Italian Job 3 (1)
- Italy (1)
- ITIL (7)
- iTouch (4)
- iTunes (1)
- iTunes update (1)
- IXQuick (1)
- jail break (1)
- Japan (1)
- Java security (1)
- JavaFX (1)
- Javascript (7)
- JavaScript (1)
- JBoss (1)
- Jeremy Clarkson (1)
- John Mcain (1)
- John McCain (4)
- JScript (1)
- JSON (1)
- JSR 168 (1)
- Julius Baer Bank and Trust (1)
- Kaspersky (1)
- key management (2)
- keylogger (6)
- keyloggers (1)
- kiting (1)
- Kmart (1)
- Koobface (1)
- Kraken (1)
- kudzu (1)
- laptop (9)
- laptop security (5)
- laptop theft (5)
- Large Hadron Collider (1)
- least privilege (2)
- least privileges (1)
- legislation (3)
- Lending tree (1)
- Leopard (3)
- LHC (1)
- liability (2)
- Lieberman (2)
- Liferay (1)
- Limewire (2)
- LinkedIn (3)
- LinkedIn porn malware (1)
- Linux (14)
- Linux desktop (2)
- lock down (1)
- lock picking (1)
- locksmith (1)
- log analysis (2)
- log monitoring (1)
- lost laptop; stolen laptop; data loss protection; data leak; identity theft; Best Buy (1)
- Lotus Notes (1)
- Lotus Symphony (2)
- Mac (3)
- Mac OS (7)
- Mac OS X (11)
- mail delivery (1)
- malicious domains (1)
- malicious Web site (1)
- malicious Web sites (2)
- Malware (3)
- malware (138)
- malware detection (1)
- malware Trojans worms viruses defense in depth anti-virus anti-malware Mac OS X iPhone iTouch (1)
- man in the middle attack (3)
- man-in-the-middle attack (1)
- managed devices (1)
- managed security services (1)
- managing security budgets (1)
- market (1)
- mashup (1)
- mashups (1)
- Massachusetts (1)
- massacre (1)
- Mastercard (1)
- McAfee (15)
- McAfee Site Advisor (2)
- McAFee SiteAdvisor (1)
- McAfee SiteAdvisor (1)
- Mcain Palin (1)
- McCain (4)
- MD5 (1)
- Media Defender (1)
- MediaDefender (1)
- medical malpractice (1)
- merger (1)
- message digests (1)
- messaging (1)
- metadata (1)
- Metasploit (2)
- metrics (1)
- MI5 (2)
- MI6 (1)
- Micheal Jackson (1)
- Microsoft (61)
- Microsoft Access (1)
- Microsoft Data Engine 1.0 (1)
- Microsoft Exchange (1)
- Microsoft Host Integration Server (2)
- Microsoft Live (1)
- Microsoft Mobile (1)
- Microsoft Office (6)
- Microsoft Project (1)
- Microsoft security (2)
- Microsoft SQL Server 2000 Desktop Engine (1)
- Microsoft SQL Server 2005 Express Edition (1)
- Microsoft Sync Framework (1)
- Microsoft Threat Analysis and Modeling (1)
- Microsoft Threat Analysis and Modeling Tool (1)
- Microsoft Vista (1)
- Microsoft Windows (1)
- Microsoft Windows 2000 (1)
- Microsoft Word (1)
- Microsoft XP (1)
- midsized business (1)
- MiiVi.com (2)
- military network (1)
- mini notebook (1)
- mini-laptop (1)
- mismanagement (1)
- missle defense (1)
- MIT (1)
- MITM (1)
- Mitt Romney (1)
- MMS (1)
- mob (1)
- mobile (1)
- Mobile Armor (1)
- mobile banking (1)
- mobile computing (2)
- mobile device (1)
- mobile device security (6)
- mobile devices (6)
- mobile devices malware iPhone Blackberry Google Phone (1)
- mobile malware (1)
- mobile messaging services (1)
- mobile operating system (1)
- mobile phone (2)
- mobile phones (1)
- mobile security (4)
- mobile storage devices (1)
- money laundering (1)
- monitor (1)
- monitoring (9)
- Monster.com (1)
- Morris worm (1)
- mortgage lending (1)
- Motion Picture Association of America (2)
- Moziall Firefox (1)
- Mozilla (10)
- Mozilla Fireforx (1)
- Mozilla Firefox (2)
- MPAA (4)
- MPack (1)
- MS Exchange (1)
- MS Jet (1)
- MS SQL Server (1)
- MTV (1)
- multimedia messaging (1)
- multiplayer games (1)
- municipal WiFi (1)
- music download (1)
- music industry (1)
- music piracy (1)
- MySpace (4)
- MySQL (5)
- MySQL security (1)
- myth (1)
- NAC (1)
- NASA (1)
- national defense (1)
- national security (2)
- natural language processing (1)
- NeoSploit (1)
- Nessus (1)
- Net Neutrality (1)
- net neutrality (1)
- Netflix (1)
- network (1)
- network abuse (1)
- network access control (1)
- network access controls (1)
- network appliance (2)
- network engineering (1)
- network intrusion prevention (1)
- network monitoring (1)
- network protocols (1)
- network scanner (1)
- network security (64)
- network vulnerabilities (1)
- network vulnerability scanning (1)
- network worms (1)
- Nicholas Carr (1)
- nickle (1)
- Nigerian scam (1)
- NIST (1)
- NLP (1)
- Nmap (1)
- Novell (2)
- NPR (2)
- NSA (2)
- nuclear secrets (1)
- NV Labs (1)
- oauth (1)
- Obama (8)
- Obama administration (1)
- obfuscation (1)
- Office (1)
- office suite (1)
- Ohio (3)
- olap (1)
- OLAP (1)
- one time passwords (1)
- online (1)
- online activity tracking (1)
- online ads (1)
- online advertising (2)
- online applications (2)
- online banking (16)
- online desktop (1)
- online fraud (1)
- online gaming (6)
- online identity (1)
- online pornography (1)
- online security (1)
- online storage (1)
- online theft (2)
- open access (2)
- open source (3)
- Open Source Security Testing Methodologies Manual (1)
- OpenBSD (1)
- OpenDNS (5)
- OpenFlow (1)
- OpenID (5)
- OpenLaszlo (1)
- OpenOffice (3)
- OpenSocial (1)
- OpenSSH (1)
- OpenSSL (2)
- OpenSSL vulnerability (1)
- Opera (3)
- operatin g system (1)
- operating system (4)
- operating system development (1)
- operating system hardening (1)
- operating system market (1)
- operating system restore (1)
- operating system security (3)
- operating systems (1)
- Oracle (28)
- Oracle Data Vault (1)
- organizational management (1)
- OSSTMM (1)
- OTP (1)
- Outlokk (1)
- Outlook (1)
- outsourcing (1)
- OWASP (2)
- P2P (10)
- p2p (1)
- P2P networks (1)
- Pakistan (1)
- Palin (3)
- Palm (1)
- Palm Centrino (1)
- Palm OS (5)
- paper ballots (1)
- paper trail (2)
- parallel processing (1)
- Paralles (1)
- parental controls (1)
- passsword stealing (1)
- password (5)
- password crackers (1)
- password cracking (3)
- Password Hasher Firefox Extension (1)
- password management (1)
- password manager (1)
- password policy (1)
- Password Safe (1)
- password stealing (1)
- passwords (11)
- patch (13)
- patch management (19)
- Patch Tuesday (3)
- patching (23)
- patent (3)
- Payment Card Industry (1)
- Payment Card Industry Data Standards (1)
- PayPal (5)
- PC (1)
- PC security (4)
- PCI (5)
- PCI Data Security Standard (1)
- PCI Data Standards (1)
- PCI DSS (3)
- PDA (2)
- PDA security (1)
- PDF spam (2)
- peer-to-peer (1)
- Peer-to-Peer (1)
- penatration testing (1)
- penetration testing (3)
- Pennsylvannia primary (1)
- Pentagon (7)
- perimeter defenses (3)
- personal devices (1)
- personal financial services (1)
- personally identifiable information theft (1)
- Pew Internet & American Life (1)
- Pew Research (1)
- Pfizer (2)
- Phalanx (1)
- Phantom (1)
- pharming (4)
- Phishing (3)
- phishing (80)
- phisihing (1)
- PHP (3)
- PHP security (1)
- physical security (3)
- PII (1)
- piracy (4)
- PKI (1)
- planning and organizing (1)
- Playstation 3 (1)
- plug-ins (2)
- point of sale (1)
- Pointsec (1)
- policies (1)
- policies and procedures (1)
- policy (2)
- policy enforcement (3)
- Policy enforcement (1)
- policy frameworks (1)
- policy management (4)
- politics (1)
- polymorphic virus (1)
- pop-ups (2)
- porn (6)
- pornography (4)
- portal security (2)
- Portals (1)
- POS (1)
- Poste Italiane (1)
- Postini (2)
- potentially unwanted program (1)
- potentially unwanted programs (2)
- power grid (1)
- power saving (1)
- PowerPoint (1)
- Premier Election Solutions (1)
- Presidential campaign (1)
- presidential campaign (3)
- presidential candidates (3)
- presidential election (4)
- Presidential elections (1)
- primary election (1)
- Privacy (1)
- privacy (40)
- privacy directive (1)
- privacy directives (1)
- privacy legislation (1)
- privacy protection (1)
- PrivacyFinder.org (1)
- private investigation (1)
- privilege elevation (1)
- product evaluation (1)
- product selection (1)
- productivity (1)
- programming errors (1)
- project management (1)
- property rights (1)
- prosecution (1)
- public key cryptopgraphy (1)
- public policy (1)
- pump and dump (2)
- PUP (2)
- put options (1)
- Qualcomm (1)
- quality control (1)
- query interface (1)
- Radware (1)
- random js toolkit (1)
- randomness (1)
- ransomware (2)
- rash (1)
- RBN (1)
- Reader (1)
- recession (1)
- Reconnex (1)
- recording industry (2)
- recovery (3)
- regulation (4)
- regulation. Obama (1)
- regulations (1)
- Reh Hat (1)
- relational database (1)
- relational databases (1)
- remote access (4)
- remote access security (1)
- remote code execution (2)
- remote exploit (1)
- remote management (1)
- reporting (1)
- reputation (1)
- reputation management (1)
- requirements analysis (1)
- requirements management (1)
- resiliency (1)
- resiliency engineering (1)
- retail (1)
- retailer (1)
- reveneues (1)
- revolt (1)
- reward (1)
- RFID (4)
- Rhapsody (1)
- RIA (2)
- RIAA (6)
- rich internet application (1)
- rich internet applications (1)
- rich Web applications (1)
- Richard Clarke (1)
- Richard Stallman (1)
- risk (2)
- risk analysis (5)
- risk assessment (3)
- risk management (20)
- risk mitigation (3)
- Robert Alan Soloway (1)
- Rolls Royce (1)
- Ron Paul (2)
- root access (1)
- root kits (3)
- rooted (1)
- rootkit (1)
- rootkits (6)
- rotation of duties (3)
- rotation of dutities (1)
- RSA (4)
- RSA 2009 (1)
- Ruby (3)
- Ruby on Rails (3)
- Rudder (1)
- Russia (1)
- Russian Business Network (1)
- SaaS (3)
- Safari (6)
- SafeBoot (1)
- Salesforce.com (2)
- sampling (1)
- San Francisco (2)
- sand box (1)
- sandbox (1)
- SANS (1)
- SANS What Works (1)
- Sarah Palin (1)
- satellite (1)
- Scalia (1)
- scam (1)
- scareware (1)
- Scientific American (1)
- screen grabber (2)
- screen logger (1)
- script (1)
- script kiddie (2)
- scripting (1)
- search (2)
- search and siezure (1)
- search engine (1)
- search engines (1)
- Sears (1)
- Second Life (4)
- Secunia (1)
- Secure Computing (1)
- Secure mashups (1)
- secure programming practices (1)
- secure voting (1)
- SecureWorks (1)
- security (34)
- security appliance (1)
- security as a service (3)
- security audit (1)
- security awareness (11)
- security awareness training (2)
- security baseline (1)
- security best practices (3)
- security breach (1)
- security budget (2)
- security budgeting (1)
- security by obscurity (1)
- security domains (1)
- Security Exchange Commission (1)
- security hardware (1)
- security industry (1)
- security informaiton management (2)
- security information management (1)
- security investment (1)
- security management (114)
- security managment (2)
- security market (2)
- Security market (1)
- security methodologies (1)
- security metrics (1)
- security monitoring (1)
- security policies (9)
- security policy (14)
- security practices (2)
- security professionals (1)
- security reporting (1)
- Security research (1)
- security ROI (1)
- security testing (3)
- security threats (3)
- security training (7)
- security update (1)
- security vendors (5)
- security vulnerability (1)
- semi-managed devices (1)
- Sender Policy Framework (2)
- SenderID (1)
- sendmail (2)
- Sentrigo (1)
- separation of duties (2)
- server hardening (1)
- server management (1)
- server security (6)
- server vulnerability (1)
- servers (2)
- service management (1)
- service oriented architecture (1)
- sex scandal (1)
- shredding (1)
- signature base detection (1)
- signature-based analysis (1)
- Silverlight (2)
- SIM (1)
- simulation (1)
- single sign on (1)
- SIP (1)
- SitAdvisor (1)
- SiteAdvisor (1)
- skills (1)
- Skydrive (1)
- Skype (5)
- small and midsized business (1)
- small and midsized businesses (1)
- small business (1)
- small businesses (1)
- small mid-sized businesses (1)
- small midsized business (3)
- smartphone (10)
- smartphones (19)
- Smash (2)
- smb (1)
- SMB (8)
- SMM (1)
- SMS (3)
- Snort (1)
- SOA (1)
- sobriety tests (1)
- social engineering (26)
- social enterprise (1)
- social networking (8)
- society (1)
- sociological drivers (1)
- Société Générale (1)
- software as a servcies (1)
- software as a service (4)
- software as a services (1)
- software asset management (1)
- software design (1)
- software development (6)
- software development methodologies (3)
- software development methodology (1)
- software engineering (1)
- software life cycle (1)
- software life cycle management (1)
- software policy (1)
- software reliability (1)
- software security (1)
- Sony (1)
- Sophos (1)
- Souter (1)
- SouthPark (1)
- spam (60)
- Spam (1)
- spam filter (1)
- spam filtering (1)
- spam stimulus package porn adult film industry bankikng auto industry IRS (1)
- Spamassasin (1)
- Spamassassin (1)
- Spamhaus (2)
- spammers (2)
- spear phishing (1)
- SPF (2)
- spoofing (1)
- Sprint (1)
- spybot (1)
- spyware (19)
- spyware SpyBot Ad-Aware Mcafee Site Safe OpenDNS (1)
- SQL Injection (8)
- SQL injection (5)
- SQL injection attacks (1)
- sql injection scanner (1)
- SQL Server (5)
- SQL Server 2000 (1)
- SQL Server 2005 (1)
- SQL Server 7.0 (1)
- SQL Slammer (1)
- SQLNinja (1)
- SSH (1)
- SSL (5)
- stability issue (1)
- Star Office (1)
- state sponsored cybercrime (1)
- State Street (1)
- static analysis (2)
- statistical analysis (1)
- statistics (2)
- stealth update (1)
- Stephen Colbert (1)
- stimulus plan (1)
- stolen laptop (2)
- StopBadware (1)
- storage services (1)
- Storm (5)
- Storm bot (1)
- Storm worm (3)
- Sun (4)
- Sun Java System Portal (1)
- Sunbelt (1)
- Super Tuesday (1)
- supercomputing (1)
- superhackers (1)
- Supreme Court (1)
- SURBL (1)
- surveillance (7)
- survey (3)
- SUSE (1)
- Sylvania G Netbook (1)
- Symantec (12)
- Symbain (1)
- Symbian (4)
- Symbion (1)
- system administration (1)
- system resiliency (1)
- systems administration (1)
- systems complexity (1)
- systems reliability (1)
- T-Mobile (2)
- targeted attacks (1)
- taxes (1)
- TCP (6)
- technology (1)
- technology policy (1)
- telecommunications industry (2)
- telephony (1)
- telephony security (1)
- testing (4)
- testing methodology (1)
- testing standards (1)
- text messaging (1)
- text mining (1)
- The Economist (1)
- theft (1)
- Thinkfree (1)
- ThinkFree (1)
- threat analysis (2)
- threat assessment (1)
- threat management (1)
- threat modeling (1)
- threat modelying (1)
- threatening messages (1)
- threats (3)
- Thunderbird (1)
- Tiger (2)
- Time Warner Cable (1)
- timing attack (2)
- TJX (9)
- Tor (1)
- Torpig (1)
- TorrentFreak (1)
- tracking (1)
- training (3)
- transportation (1)
- Trend Micro (2)
- Treo (1)
- Tripwire (1)
- Trojan (17)
- trojan (1)
- Trojan horse (7)
- Trojan Horses (1)
- Trojan horses (3)
- Trojans (9)
- trust model (1)
- trustec computing paltform (1)
- trusted computing (3)
- Trusted Computing Platform (1)
- trusted computing platform (2)
- trusted path (1)
- trusted Web sites (1)
- Turing Test (1)
- Twitter (2)
- twitter (1)
- typosquatting (1)
- UAC (2)
- Ubuntu (6)
- UK (2)
- Ukraine (1)
- ultraportable (1)
- underground economy (1)
- unified communications (1)
- unified threat management (6)
- Unisys (1)
- university (1)
- unlock (2)
- unmanaged devices (2)
- unwanted content (1)
- update (1)
- URIBL (1)
- url blocking (1)
- URL filtering (1)
- URL redirect (1)
- US-Cert (1)
- usability (2)
- USB (1)
- USB flash drive (1)
- user authentication (1)
- user awareness (3)
- user training (2)
- utility computing (1)
- UTM (3)
- VA (2)
- Valentines Day spam (1)
- vandalism (1)
- VBScript (1)
- Verified Voting (1)
- Veritas (1)
- Verizon (4)
- Verizon Wireless (2)
- VerizonWireless (2)
- version control (1)
- Viacom (2)
- video (2)
- video conferencing (1)
- Virginia Tech (2)
- virtual criminology (1)
- virtual currency (1)
- virtual goods (1)
- virtual machine (1)
- virtual private database (2)
- virtual server (2)
- virtual server security (1)
- virtual servers (1)
- virtual theft (1)
- virtual world (1)
- virtual worlds (1)
- virtualizaiton (1)
- virtualization (13)
- virtualization security (1)
- virtualization sprawl (1)
- virus (18)
- Virus (1)
- viruses (4)
- virutalization (1)
- Visa (1)
- vishing (2)
- Vista (26)
- vitrualization (1)
- Viver (1)
- VMWare (4)
- VoIP (7)
- VoIP security (3)
- voter fraud (1)
- voter registration (1)
- voting (2)
- voting fraud (2)
- voting machines (3)
- voting security (1)
- VPD (2)
- VPN (2)
- vpn (1)
- vPro (2)
- VT (1)
- vulnerabilities (34)
- vulnerability (35)
- vulnerability assessment (12)
- vulnerability management (5)
- vulnerability scanner (1)
- vulnerability scanning (16)
- vulnerability testing (1)
- vunlernability scanning (1)
- W-Fi (1)
- Wabisabilabi (1)
- Wall St meltdown (1)
- war (1)
- warrantless wiretapping (1)
- weak encryption keys (1)
- weak keys (1)
- Web (1)
- Web 2.0 (15)
- Web 2.0 security (1)
- Web 2.0. (1)
- Web application (2)
- web application security (4)
- Web application security (19)
- Web browser (1)
- Web crawler (1)
- Web email (1)
- Web filtering (1)
- Web hacking (1)
- Web hosting (1)
- Web meeting (1)
- Web rediret (1)
- Web security (10)
- web security (1)
- Web server security (2)
- Web services (1)
- Web site (1)
- Web site attack (1)
- Web site defacement (1)
- Web site integrity (1)
- Web site security (8)
- Web sites (1)
- Web spoofing (1)
- Web surfing (1)
- WebLogic (1)
- WebOS (1)
- Website security (1)
- Website vulnerability (1)
- WEP (2)
- whistle blowing (1)
- white lists (1)
- whitespace (1)
- WhyFirefoxIsBlocked (1)
- whyfirefoxisblocked (1)
- wi-fi (1)
- Wi-Fi (1)
- WiFi (2)
- WiFi communications industry auto industry (1)
- WiFi security (3)
- wiki (1)
- WikiLeaks (1)
- Wikileaks (1)
- wikis (1)
- WiMax (2)
- Windows (16)
- Windows 7 (1)
- Windows administration (1)
- Windows Internal Database (1)
- Windows Live (1)
- Windows Mobile (3)
- Windows registry (1)
- Windows security (8)
- Windows Server 2003 (1)
- Windows Server Service (1)
- Windows Update (1)
- Windows Vista (6)
- Windows XP (3)
- Wired (1)
- wireless (5)
- wireless auction (1)
- wireless encryption (1)
- wireless network (1)
- wireless security (3)
- wiretapping (2)
- Wordpress (1)
- workflow (1)
- World Bank (1)
- World of Warcraft (3)
- worm (4)
- wormm SIS (1)
- worms (13)
- WoW (1)
- WPA (1)
- XACML (1)
- XDrive (1)
- Xen (1)
- XP (2)
- XSRF (2)
- XSS (5)
- Yahoo (6)
- Yahoo widgets (1)
- YouTube (7)
- Yugma (2)
- ZanghSearch (1)
- zero day (1)
- zero day vulnerability (2)
- zero-day attack (1)
- zero-day theats (3)
- zero-day vulnerability (1)
- Zimbra (1)
- Zoho (12)
- Zoho Meeting (1)
- zombie (1)
- zombies (2)
- Zonbu (2)