Security: Data Protection

Why Colleges Fail the Privacy Test

Most college Web sites lack online privacy policies. What does that say about their ability to secure people’s private information and to avoid data breaches?

CA Rolls Out Tape Encryption for Mainframes

Options proliferate for encrypting your z/OS backup tapes

Q&A: Stopping Blended Threats with Multi-Function Security Appliances

Why small and medium-size businesses, and satellite offices, are increasingly adopting multi-function security appliances.

Web Services Gets SPML 2.0 Boost

New standard specifies XML framework for identity management and provisioning

Anti-Spyware Shootout

VeriTest, an independent testing lab, pitted three popular anti-spyware products against each other for four months, but such performance results can be problematic.

Backup-Tape Security: Enter the “Brown Bag”

Are your backup tapes a security risk? After numerous high-profile tape losses, and the resulting notifications to millions of Americans, many companies still don’t encrypt their backup tapes.

The Attack from Within: Stopping Malicious Insiders

While many IT managers obsess about hackers and external attackers purloining sensitive company information, studies point to a worse problem: the insider threat.

More Vista Security Details Emerge, But Will Enterprises Bite?

The next-generation Microsoft operating system packs needed security features, but the adoption forecast for Windows-weary enterprises is cloudy.

Destroy, Shred, Disintegrate: Guidelines for Securely Decommissioning Storage

Thanks to improved corporate information security practices, attackers are seeking new methods for accessing sensitive corporate information, putting storage media more at risk than ever. We offer several recommendations for destroying data.

Forty Million Stolen Identities Later: Learning from CardSystems' Breach

After the largest known compromise of personal information, the FTC details the information security failures that helped caused it.

Crawling the Internet to Find and Stop Spyware

Researchers find spyware lives especially on adult, game, and wallpaper sites. The enterprise security mandate is clear: start blocking those sites.

IM Security: E-mail’s Poor Cousin

Despite the popularity of instant messaging (IM), many organizations don’t regard the communications channel as an enterprise security risk.

Beyond Firewalls and IPS: Monitoring Network Behavior

Large enterprises are deploying network behavior analysis tools to supplement firewalls and IPS to block unknown types of attacks and catch stealthy attacks in progress.

Q&A: The Future of Security, Control, and SOX Compliance

Sarbanes-Oxley compliance started chaotically. By its second year, however, many organizations were investigating how automated controls could help them see SOX not as an annual cost but as a way to reduce business risk. What’s in store for year three?

Spyware Hampering Compliance Initiatives

Spyware poses a huge threat—yet a recent survey shows that by their own admission, many enterprises have yet to protect their information with suitable anti-spyware software.

Attackers Shift Exploits to Applications

The 2005 SANS Top 20 list of the worst vulnerabilities finds attackers deserting operating system vulnerabilities, for flaws in applications and network devices.

Malware Clean-Up Swamps IT Managers

Companies favor security technology, overlook adequate user training

Layering is Key to Countering Zero-Hour Attacks

Post-virus attack cleanup costs $200 per system. Taking a layered approach to protection can help keep your PCs safe.

Q&A: Natural Disasters Drive Renewed Focus on Backup/Recovery Plans

Best practices for creating your disaster recovery plans

Virtual Patching Secures Web Applications

Discovering Web application vulnerabilities—which account for a staggering majority of all vulnerabilities seen in the wild—is the easy part. Keeping them fixed is another story.