IT Best Practices Alert

The CIO-level business angle on the latest tech

IT Best Practices news and resources from Network World.
DMARC email standards help prevent brand abuse in phishing campaigns
05/16/13
Phishing attacks victimize the email recipient who opens the message AND the company whose domain name has been spoofed in the attack. If enough people get malicious emails that appear to come from legitimate companies, people simply begin to ignore email from them. Now the DMARC email specifications help prevent that kind of brand abuse.
Encrypt and secure data in the Amazon big data cloud service
05/09/13
Many companies are anxious to take advantage of big data cloud services to crunch vast amounts of data for analysis. However, the lack of inherent data security can be a deal-breaker. Now there's a new service that provides integrated data encryption throughout the processes and infrastructure of Amazon EMR. Service subscribers maintain complete control of their encryption keys, thus bolstering the security of their data.
From physical to virtual to cloud and everywhere in between
05/01/13
CIOs everywhere are transforming their data centers from purely physical infrastructures located on-premises to virtual infrastructures that also make use of the cloud. Read how one data-driven company made the transition.
Skyhigh Networks helps you discover every cloud service your company uses
04/19/13
There's hardly a company that doesn't have a problem with cloud services creating "shadow IT," that is, employees using services that you may or may not know about. Most CIOs think their company uses about 25 to 40 cloud services, but the reality is more like 200 to 400. Skyhigh Networks lets you discover and control all the cloud services your company uses -- whether you've authorized them or not.
Should you simulate a phishing attack on your own colleagues to raise security awareness?
04/12/13
An innovative approach to security awareness training is to use simulated attacks on workers. A recent Naked Security survey shows that 85% of IT security professionals say it's good to send workers fake phishes with the aim of educating them about their vulnerability and getting them to change their behavior. Is there benefit in this approach to user education?
Let the hackers seek while you hide behind third-party hosted services
04/04/13
I recently had a conversation with the CISO of a small company that has a relatively large target on its back. This company hosts Web portals for its clients to accept electronic payments. For example, when you go to an online retailer's checkout process and get passed to a secure site, it's possible that this company is hosting that payment site. You can see how this kind of activity would make this company attractive to hackers looking for credit card information.
Three reasons you shouldn't neglect your application security
03/29/13
With so much emphasis on all forms of security these days, business applications remain one of the most vulnerable and most frequently exploited IT components. Investment in application monitoring should be a part of a comprehensive defense strategy. Keith Brogan of managed security provider Vigilant provides his thoughts on the importance of application security.
New course teaches techniques for detecting the most sophisticated malware in RAM only
03/22/13
One of the most sophisticated kinds of cyberattacks uses memory-resident malware. The software can't be detected using traditional forensic techniques. Security professionals need new skills and a whole new approach to find this most insidious malware, and there's a new course from SANS Institute that covers memory forensics in-depth.
(ISC)2 says the IT security workforce is at a crisis point
03/14/13
The sixth biannual Global Information Security Workforce Study is out, and it says the workforce is under tremendous strain, but job (and pay) prospects for certified security professionals are good.
How to avoid becoming a victim of SMiShing (SMS phishing)
03/07/13
Get ready for SMiShing, or phishing attacks that come to your mobile phone. These types of attacks are on the rise, and with so many people using their smartphones to access corporate networks and data, it's a new danger in the world of BYOD. Follow these tips to avoid becoming a victim.
Ixia models attacks on your systems so you can test your defenses
02/28/13
How well have you built your IT security defenses? Can your system withstand an attack? The worst time to answer these questions is during an actual attack. Ixia helps you model a variety of attack scenarios so you can test your defenses before they are needed for real.
Four tips for getting the most out of your SIEM
02/22/13
Anyone who has ever had to implement a Security Information and Event Management (SIEM) solution can attest that it takes concerted effort to get the best value from the solution. SIEMs are pretty complex products, as they are designed to take log and event data from various devices, apply rules to correlate the information in real-time, and then alert security professionals when significant events are discovered.
Close the door for good on Web server backdoors
02/15/13
Regular readers of Network World know there is a crime spree taking place in cyberspace. Hackers are coming into servers at will through backdoors and directing these servers or the websites they host to perform all sorts of malicious deeds. Incapsula just introduced a cloud-based service that can detect and mitigate the problem of backdoors that are surreptitiously planted on Web servers.
Automate security orchestration across platforms, environments
02/08/13
IT security professionals sometimes have a tough choice: put reins on the business until all necessary security controls are in place, or let the business run at the pace it wants with security controls that may have weaknesses or gaps? A new security orchestration platform from NetCitadel aims to resolve that conflict by automating security changes across multiple platforms and within physical, virtual and cloud environments.
At least 80% of mobile apps have security and privacy issues that put enterprises at risk
02/01/13
The first rule of managing a BYOD environment is to set good policies governing who can do what activities and access which data. But if you don't know what apps really do -- like harvesting a smartphone user's contact list -- you can't build effective policies. Appthority helps you manage the risk from mobile applications by analyzing what apps are actually capable of doing.
How mobile apps can take whatever data they want from a smartphone
01/25/13
According to some research, more than 70% of organizations permit use of personally owned devices for business purposes. If your company is among them, read on. I have some eye-opening information that might make you rethink your BYOD policy and the measures you take to protect corporate data.
Identity and access management as a cloud-based service eliminates time, pain and cost
01/18/13
Gartner says that identity and access management offered as a cloud-based service (IDaaS) is an up-and-coming market for a growing need. As more enterprises utilize more applications as a service (SaaS), they need an easy way to provision users and oversee the rights that have been assigned.
Best practices to mitigate DDoS attacks
01/10/13
DDoS attacks are on the rise and growing more complex. A majority of respondents in a recent survey from Neustar indicate a service outage would cost their companies $10,000 or more per hour in lost revenues. Follow these tips to mitigate an attack against your organization.
StealthSEEK is a cost effective data discovery tool for Microsoft environments
01/04/13
Do you know where your sensitive data is? If you can't answer a definitive "yes," then maybe it's time to conduct a data discovery exercise to see if your organization has unencrypted sensitive data in vulnerable places.
IT leaders prepare for their top IT security threats of 2013
12/21/12
Wisegate, the professional networking organization for IT and information security professionals, recently convened its members to discuss their top IT security threats for the coming year. Read what's on their minds, and how they plan to address the threats.
HP brings cloud economics to networking with a pay-per-use model
12/14/12
You've heard of software as a service, infrastructure as a service and even security as a service. Now there is LAN as a service, a business model that lets you acquire a modern network infrastructure and pay only for the ports you use.
Best practices to close the door to spear-phishing attacks
12/06/12
Security firm Trend Micro has identified spear-phishing emails as a top vector for allowing advanced persistent threats (APTs) onto company networks. Attackers use personal information to gain a victim's confidence and then zap him or her with malware that can scout for and exfiltrate confidential data. Share these best practices with your colleagues to "avoid the spear."
Want to develop cybersecurity skills? Try SANS Institute's NetWars
11/30/12
If you think you might like to add some new skills to your resume, put cybersecurity on the list. SANS Institute has an intense, hands-on training program that develops your skills while allowing you to compete against others to test your mettle.
Best practices for creating 'the human firewall'
11/16/12
In a global survey conducted by consulting firm PwC, fewer than one-third of the surveyed executives say they are very confident they've instilled effective information security behaviors into their organization culture. It's time to build "the human firewall."
30 years later, Compaq leaves a legacy that benefits you
11/09/12
To hear Rod Canion and his fellow co-founders of Compaq Computer Corporation tell it, Compaq was an amazing company during its 20-year existence. From humble beginnings on farmland north of Houston to the Fortune 500 list, Compaq was the undisputed global leader of the PC industry for a number of years. Now Canion is defining his company's legacy -- one that you have benefited from greatly.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
