December 11, 2012 Added by:Rafal Los
People are still stuck on authentication, mainly passwords. We as an industry or customer base haven't been very good at figuring out how to manage identities, without sticking our customers with a million different sites which don't share common identities...
December 10, 2012 Added by:Hani Banayoti
Another year coming to a close and I am full of hope for new thinking on security for the road ahead. One particular aspect in our profession that I would like to see change in the very near future is the typical approach to incorporating security in contracts with IT Service Providers...
December 06, 2012 Added by:Rafal Los
It would seem that in the IaaS cloud service delivery model unless you know what you're getting into it may be quite tough to deploy a solid, risk-averse cloud-based application. Now, PaaS is different than the other two in that it is a compromise between extensibility and built-in security features...
November 29, 2012
A few months ago, I was invited to present at a summit organized by the New Zealand Privacy Commission, a government organization that is tasked with setting policies to ensure citizens of New Zealand remain secure when it comes to the use of their private information...
November 25, 2012 Added by:Ben Kepes
TOS;DR aims to help with what is possibly the biggest lie on the internet, that which users make when they click that they have read, understood and accepted the terms of service of their provider. The fact is that no one reads them but rather vaguely hopes for the best...
November 18, 2012 Added by:Michele Westergaard
Cyber security threats to the utility industry are increasing in number and sophistication. The North American Reliability Corporation (NERC) is increasing the Critical Infrastructure Protection (CIP) regulatory requirements to ensure facilities are meeting basic standards in this area...
November 08, 2012 Added by:Pete Herzog
This article will give you some ideas on how you can quickly put yourself out of a job using the Internet. If you're careful and a little lucky, you won't end up in jail either! At the very least, this article shows how doing things that are good for an office may not necessarily be good for the security of your company...
November 06, 2012 Added by:Ben Kepes
As we move to broader scale cloud adoption, one would be excused for assuming that we’d reached a point where the definition of what constitutes IaaS is set in stone – true different vendors package up their virtual servers with different specs, but IaaS is, to a greater or lesser extent, a fixed concept...
October 29, 2012 Added by:Tripwire Inc
Cloud computing has increased productivity and decreased IT costs. However, there is a black lining to this particular cloud, as the benefits come at the price of giving up control, visibility and tracking data provenance...
October 28, 2012 Added by:Bill Gerneglia
If you are the CIO of your organization and you spent the last decade locking down your data center hardware, patching your OSs, developing a disaster recovery plan, and securing your applications are you really in a rush to move the operation and applications to the cloud?
October 02, 2012 Added by:Victor Cruz
It has been 12 years since the US passed a law to facilitate the use of electronic records and electronic signatures. Called the Electronic Signatures in Global and National Commerce Act (ESIGN), its general intent in black and white is quoted in the very first section of the legislation...
September 26, 2012 Added by:Ben Kepes
The decision was made during the consultation process that universal design and accessibility issues should be outside the scope of the document. That was a necessary decision as the drive was to come up with a readily consumable document that vendors could easily comply with...
September 17, 2012 Added by:Ben Kepes
"The advent of cloud computing has removed infrastructure as a barrier to rapid and massive scaling of applications. [IaaS and Paas have] made it possible for a developer to create an application one day and have it utilized by hundreds of thousands of users the next..."
September 16, 2012 Added by:Bill Gerneglia
The face of corporate IT changes dramatically with a move to the cloud – no longer do people need to spend time racking and stacking servers, patching software and other low level tasks – the fact is that in the long run individual organizations will not have email server administrators, desktop software support personnel or systems administrators...
September 15, 2012 Added by:Rafal Los
Any application that was built to be secured independently of the environment will do as well in a public cloud as it did in your private data center. If you build the application to be low-risk independent of your environmental controls you shouldn't have to worry where it lives...
September 12, 2012 Added by:Mike Gault
The security market in 2012 is estimated at $60 billion, yet adding more layers of perimeter security may be completely useless against a determined sysadmin working on the inside. The end result is that your data might or might not be secure – you simply have no way to prove it...
Looking Beyond "Black Box Testing"... Paul Reed on 12-03-2013
Projectile Dysfunction... ryan mccarthy on 12-01-2013
Mobile Security: Tips for Using Personal Dev... Shah Alam on 11-30-2013