There has to be a better way

IT Security Insider



Top Stories

What is the most secure way to authenticate electronic data? Until recently, many technical people would have answered ‘cryptographic keys’ without blinking. But recent headline events - and a ‘biggie’ last year - have raised serious doubts about the ability of cryptographic keys to protect vital government and corporate data. Here are two examples from February that should make CIOs, CTOs and CSOs tremble in their boardrooms: McAfee revoking keys for signing apps on the Apple store; and stolen keys from Bit9 being used to sign malware. In the McAfee case, a McAfee administrator revoked (by mistake) the digital key for certifying desktop apps that run on Apple's OS X, thereby creating serious problems for customers who wanted to install or upgrade Mac antivirus products. The original Ars Technica article (McAfee revoking keys) noted that the administrator intended ... (more)

Windows Least Privilege Management and Beyond

For Windows environments, it is critical that organizations can delegate administration and establish granular privileges quickly and efficiently to restrict administrators so they only access the servers and resources required to perform their job and only during the approved times to perform specific tasks. This white paper examines the security, compliance and efficiency issues surrounding least privilege management for Windows servers, and explains where native Windows tools fall short. It then describes how Centrify's DirectAuthor... (more)

Canadian Outfit Releases Encrypted Portable Private Web Browser

Vancouver-based ENC Security Systems, which is supposed to make "un-hackable" Encrypt Stick flash drive software, has released an Encrypt Stick 5.0 Private Browser, a digital privacy browser that it claims is the safest way to browse the Internet. Its timing couldn't be better, considering the Federal Trade Commission is now backing the development of a Do-Not-Track system for the web that's got the online ad people worried about their $23 billion sector and claiming it will mean the end of free content, and Firefox revisiting a Do-Not-Track mechanism after Mozilla, pressured by an ad... (more)

Preventive Security Through Behavior Modification - Part 2

Last week, we saw that Defensive Security is not enough to solve the $1 trillion Intellectual Property and IT theft and cybercrime problem. This week, more about Preventive Security. Preventive Security is a set of technologies and processes used to prevent security incidents from even being attempted. These include awareness and training programs, establishment of proper policies and procedures and the use of technology solutions in support of existing laws. In fact, this is not very different from "regular" crime and how we deal with it. We arm ourselves with the means to catch ... (more)

Victim-nomics: Estimating the “Costs” of Compromise

Since launching ThreatConnect.com, Cyber Squared's Intelligence Support Team has become more effective in managing, analyzing and sharing our Threat Intelligence. While understanding the threat remains one of our core requirements, we have also begun to fill a key gap that, we feel, many within the industry are failing to address. Providing effective Threat Intelligence requires more than just characterizing the threat from a technical perspective.  Instead, you must strike a balance between providing technical context as well as non-technical relevancy to the victim.  Industry ... (more)

Network-Based Attacks: How Much Can They Cost You?

Every business acknowledges that network security is critical. But how do you quantify the business value that a secure network provides? And how does an enterprise evaluate and justify investing in network security products like next-generation firewalls, intrusion prevention systems and unified threat management appliances? While there is no exact formula or "cost of attacks" calculator, there are some useful guidelines and research studies that can provide techniques and resources for IT managers to develop their own cost model. There are three core areas that are important f... (more)