Sleeping laptops may be the next way hackers steal encrypted information
In an age of Sarbanes-Oxley and similar regulatory measures, how could a single rogue trader have racked up more than $7 billion in losses?
Why organizations need to get serious about security awareness training
Will it be "same old, same old" in security for 2008?
Compliance applies to the entire infrastructure, even the many crannies of heterogeneous environments.
In the second of three parts, unifying security, compliance, and risk assessment get better results
Despite the security weaknesses of FTP, there are several approaches IT can take to use the protocol safely.
Why database-auditing software is critical to protecting your company’s assets
IT is still largely unprotected from one area of enterprise risk: the insider threat.
The Daylight Saving Time changes may not have the impact of Y2K, but the ripples may give IT managers heartburn nonetheless
SIM adds real-time capabilities but compliance, not threats, stills drives this market
Spam and phishing attacks are getting worse, and new Web threats will complicate networks until some reputations are established
We sort out the options with the most buzz for 2007—NAC, Vista, and NAP—for enforcing security with devices requesting network resources.
A majority of survey respondents looking to implement an NAC solution want to reduce malware incidents, control remote access to the network, and enforce endpoint configurations.
From smarter criminals to network access protection, IT is going to have its hands full in 2007.
When it comes to malware, one company says their product separates the wheat from the chaff, advising enterprises which files should and shouldn’t be on their systems.
Many CIOs arrived late to Sarbanes-Oxley efforts
New study highlights commonalities between companies with the fewest IT compliance deficiencies.
New online risk-monitoring and strong-authentication technologies are helping banks meet looming FFIEC online authentication deadlines
Can companies use built-in ERP capabilities to better automate their IT controls?