Definition of Security Management
The set of functions (a) that protects telecommunications networks and systems from unauthorized access by persons, acts, or influences and (b) that includes many subfunctions, such as creating, deleting, and controlling security services and mechanisms; distributing security-relevant information; reporting security-relevant events; controlling the distribution of cryptographic keying material; and authorizing subscriber access, rights, and privileges.
Security Management
Recipe for Mobile Data Security
If your business is like mine, laptops regularly disappear. Until recently, centrally managed mobile storage encryption solutions for Windows environments were either too costly, required users to carry a key-resident device, or relied on keys residing on the local disk. Sometimes the best solution under these circumstances was administrative controls (i.e., policies) prohibiting users from storing sensitive information on local laptop drives. With the proliferation of TPM 1.2 across most laptop platforms and the release of Microsoft Windows Vista, most roadblocks to laptop data encryption have been removed. In this paper, I explore the challenges facing security managers responsible for laptop data security, TPM technology, and how the features of a TPM can integrate with Microsoft's BitLocker and Active Directory technologies to provide more secure data on the road.
The Human Layer of Information Security Defense
Effective information security comprises multiple layers of defense that work together to protect information. The premise is that if one layer fails, the following layer will succeed. Often when information security is discussed, the technical layers such as firewalls, software patches, intrusion detection systems, anti-virus programs, and encryption are the only areas addressed. However, an important layer of information security defense that is not given the attention it deserves is the human layer. The human element is arguably the most important layer of defense for information security.
How to Raise Information Security Awareness
This guide illustrates the main processes necessary to plan, organize, and run information security awareness raising initiatives: plan & assess, execute & manage, evaluate & adjust. Each process is analyzed and time-related actions and dependencies are identified. The process modeling presented provides a basis for "kick-starting" the scoping and planning activities as well as the execution and assessment of any program. The guide aims to deliver a consistent and robust understanding of major processes and activities among users.
Keys to Implementing a Successful Security Information Management Solution
This paper provides nine keys to implementing a successful SIM solution. SIM provides a way to gather, analyze, and report vast amounts of security information in a humanly understandable way, greatly enhancing the effectiveness of security analysts. While SIM solutions are expensive, they're sorely needed to meet today's security challenges.
Ghosts in the machine: The who, why, and how of attacks on information security
Information security is the field devoted to maintaining the confidentiality, integrity, and availability of information [Harris]. Organizations from small home offices to multinational conglomerates have information that needs to be protected, not to mention the secrecy needs of nations and the bureaucracies that govern them. Billions of dollars are spent every year to provide the needed security. But who are we protecting ourselves against? What is the threat we face? Why are we being attacked? How can we use this knowledge to protect ourselves?
The Questions Of Web Pornography: Balancing Security and Privacy
Unless you're exceptionally lucky, at some point in your career as an information technology (IT) security specialist, a client will ask you to deal with pornography in some manner. This could be a request to implement Internet browsing filters, or investigate a user suspected of downloading adult material, or craft a policy protecting the client organization from litigation involving obscene exposure (so to speak). Familiarization with the dilemmas inherent to such activity is advised, yet somewhat difficult.
Web Application Security for Managers
As a manager, part of your job is to plan and prioritize tasks and to control the work done. To plan and prioritize tasks, you need to have a global overview of all issues. To control the work done, you need a basic understanding of the subject. The first part of the article intends to convince the reader that web application security matters. This may not be obvious to all managers. They sometimes believe that a firewall and the use of the SSL protocol are enough to secure a web application. The second part of the article surveys some of the potential problems and discusses solutions. We will look at issues like data manipulation, input validation, SQL query poisoning, session hijacking, and some others. The article ends with a summary of the recommendations.
Security Program Management and Risk
Information security should be managed as a program that requires the same degree of attention and responsibility as other resourced programs within an organization. This paper argues for building a security management program on a foundation of business risk assessment and risk management. It defines and explains risk, risk assessment, risk management and relates business risk management to security risk management. A synopsis of the steps in risk management and guidance on the key components for effectively implementing a security risk management program into an enterprise is provided. The reader should have a fuller understanding of the best practices associated with risk assessment and risk management and be able to use risk analysis to communicate with business process owners in terms of the risks to confidentiality, integrity, and availability in their areas of concern.
Information Classification: Who, Why, and How?
This paper will clarify who should be determining appropriate company protection needs. It will also demonstrate why information classification is a necessary, efficient, and effective means to convey business-driven information protection requirements. Last, it will offer a method for classifying information, intended to move readers from accepting that their company should implement a data classification system to recognizing that it can.
Implementing an effective IT Security Program
The purpose of this paper is to take the wide variety of federal government laws, regulations, and guidance, combined with industry best practices, and define the essential elements of an effective IT security program. An effective program includes many elements, and the task seems impossible as you begin reading the literally thousands of pages of security documentation published by the National Institute of Standards and Technology (NIST), the Office of Management and Budget (OMB), the National Security Agency (NSA), and the General Accounting Office (GAO), just to name a few. This paper will highlight important elements in a short, easy-to-read guide. This paper is not intended to identify every security program element in detail, but should give the reader a good basis for how to implement an effective security program.