IT Security

Security bloggers help keep you up to date on how to protect your network through news, updates, advice, and opinions on how you can stay ahead of hackers.

  • Chad Perrin // October 16, 2008, 1:15 PM PST

    12 security suites tested and 12 security suites fail

    Chad Perrin warns users and admins against the lure of one-size-fits-all security suites and offers advice on building an effective defense of your network.


  • Paul Mah // October 15, 2008, 4:59 PM PST

    Security News Roundup: Start-up launches virtual firewall

    This week's security events include news of Symantec acquiring MessageLabs, a bumper edition of patches from Microsoft on Patch Tuesday, critical flaws found in ARCserve Backup, and a start-up launching a new virtual firewall.


  • Tom Olzak // October 14, 2008, 9:00 PM PST

    Use a security controls matrix to justify controls and reduce costs

    A controls matrix exercise is a good way to step back and make sense of what you've done over the past three or four years, strengthening the security controls foundation before moving forward.


  • Tom Olzak // October 12, 2008, 9:00 PM PST

    FACTA "Red Flags Rule": Concern for security managers?

    A new security compliance deadline arrives on November 1, 2008. If your organization is one of the covered entities, there are Red Flag rules concerning PII that you need to know about. Tom Olzak covers the basics of FACTA (U.S. Fair and Accurate Credit Transaction Act of 2003) for security managers.


  • Chad Perrin // October 9, 2008, 4:26 AM PST

    How closed policies hurt security development

    Development policies designed to keep the competition out can actually prove counterproductive. Don't make the same mistake the US government made in the 1990s with information security technologies.


  • Tom Olzak // October 7, 2008, 9:00 PM PST

    Security training: Delivering the message

    Tom Olzak finishes up a series on security awareness training for users. Once you understand awareness and training outcomes, proper delivery is key to reaching them.


  • Chad Perrin // October 7, 2008, 4:19 AM PST

    What to do about RFID chips in your wallet

    Have you wondered about the security implications of RFID chips in your driver's license, credit cards, and passport? The growing prevalence of RFID transponders in these items, and others, can raise security concerns. You should know what issues arise, and what you can do about them.


  • Tom Olzak // June 29, 2008, 11:00 PM PST

    Ethics vs. Whitewash

    Security doesn't happen by wishful thinking. It takes hard work, commitment, and management support. Doing the right thing isn't always easy, but we should expect it from those to whom we entrust our information.


  • Paul Mah // June 28, 2008, 3:53 PM PST

    Security news roundup: Hackers crack London Tube's Oyster Cards

    This week's security events include a vulnerability in the multicast filter of an unpatched Solaris 10 system, Trojans targeting the ARDAgent flaw in Mac OS X, hacks of the London Tube's Oyster Card, and an IT manager who got 63 months for causing massive data loss at his former employer.


  • Chad Perrin // June 27, 2008, 5:55 AM PST

    Knowing the superficial side of security is important, too

    Maybe you're a sole proprietor or a home computer user, answerable to nobody but yourself for security policy. If you have to answer to others, though, you need to know more than good security practice; you also need to know the good, bad, and ugly of industry best practices.


  • Tom Olzak // June 25, 2008, 5:28 AM PST

    Free security tools: Secunia Personal Software Inspector

    Making sure applications in new or existing endpoint system images are free from unpatched vulnerabilities is not an easy task. Secunia provides a free utility to help identify and quickly remediate out-of-date or EOL programs.


  • Tom Olzak // June 24, 2008, 3:48 AM PST

    Managing risk with After Action Reviews

    Responding to security incidents, whether they are malicious or accidental, requires a final step that many organizations neglect. An After Action Review (AAR) helps to reduce the probability of a recurrence and improve response activities. Tom Olzak shows you how to execute a standard AAR.


  • Paul Mah // June 22, 2008, 7:39 PM PST

    Security news roundup: New vulnerability affects Firefox 3

    This week's security roundup includes a new vulnerability discovered in Firefox, Microsoft admitting to a mistake with a recent Bluetooth patch, the lack of any progress at cracking the Gpcode.ak ransomware, and the loss of NHS laptops that could expose the personal particulars of up to 30,000 patients.


  • Chad Perrin // June 19, 2008, 5:12 AM PST

    Vulnerability counting revisited: a hypothetical example

    Vulnerability counting is, in many cases, worse than useless as a means of quantifying the security of the software. I've made this point before, but this article tries a different approach to making it: demonstration by hypothetical example.


  • Paul Mah // August 22, 2008, 4:59 PM PST

    Security news roundup: The security risks of SSDs

    This week's security events include news that servers belonging to Fedora and Red Hat have been broken into, the release of Opera 9.52, a vulnerability in Tomcat which could result in arbitrary file access, and the security risks of SSDs.