Network World

IT Best Practices Alert

Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.

Search IT Best Practices Alert IT Best Practices news and resources from Network World.

Is certification valuable, or not? We have the definitive answer: 11/25/09; Are IT certifications still relevant today, or are they not worth the time, effort and money? This debate has raged for years. Now, an in-depth three-year IDC study provides real data that shows the relationship between training, certification and the functional performance of teams of IT professionals.
Access control strategies for PCI and other security operations: 11/20/09; Innovations in the access control solutions market have made it easier to align security and compliance objectives with business imperatives. Industry expert Cheryl Traverse talks about how next-generation access control solutions address very explicit requirements in the PCI DSS.
Healthy ways to spend $40 billion: 11/13/09; The U.S. federal government has $40 billion set aside for healthcare IT. Much of that is earmarked for electronic medical records, but experts say there are other pressing needs that would improve healthcare. Unified communications and telepresence are two of the technology solutions on many hospitals' wish lists.
The Four Rs of sustainable IT: refurbish, reuse, recycle, ROI: 11/06/09; Do you have obsolete and unused computer equipment sitting around the office? Cha-ching! Those old clunkers can be good for cash if you refurbish, reuse and recycle them the right way.
Lost: A $49,000 laptop computer: 10/30/09; According to Ponemon Institute, the average cost of a lost or stolen laptop PC is more than $49,000. Most of this cost is due to the exposure of sensitive data. The sooner you discover the PC is missing and take action to disable access to the data, the less expensive the experience of the loss is.
Data masking secures sensitive data in non-production environments: 10/23/09; Sensitive data is a part of every large organization's normal business practice. Allowing sensitive data from production applications to be copied and used for development and testing environments increases the potential for theft, loss or exposure -- thus increasing the organization's risk. Data masking is emerging as a best practice for obfuscating real data so it can be safely used in non-production environments. This helps organizations meet compliance requirements for PCI, HIPAA, GLBA and other data privacy regulations.
How to protect a database from the inside out: 10/16/09; Your databases contain your company's most sensitive information -- credit card numbers, bank records, customer account information, financial records and so on. Chances are your database security is based on building a secure perimeter around the database, but this still leaves the data at risk. Sentrigo puts a sensor on your database to detect each illicit activity so you can detect, alert and prevent data breaches. This sensor helps protect databases from the inside out.
Engineers fix the shortcomings of the traditional firewall: 10/09/09; Do you find yourself putting a Band-Aid solution on a legacy firewall, such as strapping on an intrusion-prevention system here or antivirus software there? If the firewall is a security device, why should we have to surround it with other security devices to help it do its job? A group of security engineers addressed those shortcomings with a new kind of firewall built from the ground up.
Survey: Mainframe managers discuss their priorities: 10/02/09; In a 2009 survey, 1,546 IT managers who are responsible for mainframe operations revealed their top management priorities. Read on for some best practices for addressing those needs.
A security evangelist shares his best practices: 09/25/09; Anyone who has the word “evangelist” in his business title must really love his job. This week, John Linkous, Security and Compliance Evangelist at eIQnetworks shares his best practices for information security.
Best practices and automation for data privacy: 09/18/09; Your organization probably pays attention to data security, ensuring that sensitive data doesn't leak out or get into the wrong hands. But what about data privacy? How can you ensure that your organization is adequately protecting an individual's right to control the way you use his personal data? Now there's a tool to help automate privacy compliance as part of your overall corporate GRC program.
Top 5 best practices for firewall administrators: 09/11/09; Summer vacation is over and the busy holiday season is just a few months away -- not just for you, but for hackers as well. They plan to take advantage of your time off and the relaxed holiday atmosphere at Christmas and New Year's. Michael Hamelin, chief security architect at Tufin Technologies, says don't let your guard down. He provides his top 5 best practices for managing your firewall.
Has your sensitive data leaked into the wild?: 09/03/09; Most organizations have data security policies designed to keep sensitive information from becoming publicly available. Still, you’d be surprised at the kind of information that makes its way out into the open, either accidentally or intentionally. Financial records, customer account information, product plans and roadmaps. Do you know what information your company is exposing? New “data leak detection” (not prevention) technology from Exobox Technologies can tell you what is in the public eye, and where it is.
BMC's CTO gives advice on cloud management: 08/27/09; Everyone's talking about putting their application "in the cloud" these days. Cloud computing might be the next evolution for enterprise applications, but BMC Software's CTO advises IT organizations to consider how their application can be managed once in the cloud.
More tips on detecting botnet infestation: 08/19/09; As a follow-up to last week's article on detecting the presence of a botnet on your network, I have more advice from experts in this arena. IBM's Internet Security Systems X-Force gives specific examples of botnet activity to watch for on your network.
Detecting "bot rot" using log management or SIEM: 08/07/09; There are many kinds of tools that can help detect the presence of a bot. Log management and SIEM tools are helpful in detecting the communication that is a hallmark of a botnet. Experts provide their advice on how to use such tools to determine if a bot is at work on your network.
Nine things about botnets that will scare your pants off: 07/30/09; If you (like me) have been under the impression that botnets are no big deal, it's time to realize what a big threat they are to legitimate businesses and organizations. Corporate PCs that are turned into zombies can be forced to distribute spam, steal identity credentials and intellectual property, log keystrokes, commit click fraud and so much more. Here are nine things you might not know about botnets that are guaranteed to make you nervous.
Have "yinz"' seen the latest in mobile video service?: 07/24/09; You don't have to be from Pittsburgh to be a fan of the Stanley Cup-winning Pittsburgh Penguins. A common question among those fans this spring was, "Did yinz see the game last night?"' Fans who attended games at Mellon Arena saw lots of action via the new mobile video service called Yinz Cam, created by a Carnegie Mellon professor and her students. Yinz Cam represents the future of mobile services.
Tokenize sensitive data with solutions from these vendors: 07/17/09; An up-and-coming technique for protecting sensitive data is to "tokenize" it -- to replace the sensitive data with a representative token that has no meaning or value if stolen. You can implement tokenization fully in-house or outsource portions of the process and the storage of the actual data vault to a third party service provider. This article explores a few of these options.
This token gesture secures sensitive data: 07/10/09; 2008 was a record year for the amount of sensitive information compromised through data breaches. Much of the purloined data was payment card data, which allowed thieves to use millions of credit and debit cards fraudulently. There's a new technology called tokenization that offers great promise for protecting sensitive data. If your organization is compelled to comply with the Payment Card Industry (PCI), you need to know about tokenization and how it can help you achieve and maintain PCI compliance while reducing the cost to do so.
The notification chain when a breach is suspected: 07/02/09; A few weeks ago, we provided best practice tips on preserving log data for a forensic investigation. Now that you've got the data set aside for your investigation, who else needs to get involved? Let's discuss the notification chain and how other experts support the investigation and its fallout.
90 data breaches in 2008: What went wrong: 06/26/09; Data breaches continue to plague organizations in virtually every industry. Since 2004, the Verizon Business RISK Team has worked on more than 600 investigations of suspected breaches. Fortunately for us, the team is willing to share its collective knowledge and provide an analysis of the trends in breaches, including how they happen and what the root causes and contributing factors are.
How to dramatically cut costs on network performance monitoring: 06/19/09; The economic downturn and reduced IT budgets are forcing many network managers to look for alternative (read that as "cheaper") products and solutions for managing their networks. If you find yourself in this boat, then read on about a performance and availability monitoring solution that competes with the enterprise products from companies such as CA, IBM, HP and BMC Software. At the same time, this solution is saving its users hundreds of thousands and even millions of dollars.
How to manage the risk of your high-risk users: 06/12/09; Every network has high-risk users. Mitigating the risks they pose can be quite a challenge. Most point solutions only address part of the problem, leaving gaps in overall security. The product that Network World security blogger Richard Stiennon deemed "Best in Show" at the recent RSA Conference is an all-in-one solution designed to manage the risks posed by high-risk users. What's more, the hardened appliance form factor makes it easy to implement and use.
IT execs say 'going green' is essential. Are you ready?: 06/05/09; A recent worldwide survey commissioned by Symantec says that "going green" is now an essential strategy for most enterprise IT organizations. Ninety-seven percent of the responding companies are in the process of developing or have already implemented a green IT strategy. Are you ready to support your company's strategy with actionable plans?