Enterprise Security Threats are Here and Growing
Dear Visitor,
Organizations of all sizes are struggling to keep their Internet connectivity secure. Simultaneously, they must ensure business continuity while meeting regulatory guidelines including Sarbanes-Oxley Act (SOX), HIPAA, GLBA, Payment Card Industry (PCI) Data Security Standard
A significant change in hackers' motivation is causing a new threat to your Internet interface.
Today, attacks are not for glory and fame. They are mostly profit driven. The longer attacks go unnoticed, the greater the opportunity thieves have to profit from your data and confidential information stolen through your networks.
All organizations large and small must examine the adequacy of their existing security networks in the face of these new profit- driven attacks. The question that security officers, risk managers and CIOs need to ask is: Can my existing platform protect against the latest evolution of innovative malicious code?
We hope this Key Solution Center on Security provides useful information to help you keep your Internet Security policies and practices ahead of those who would maliciously enter your networks.
Yours Truly,
Terry Boulais
Director of Business Development
|
|
|
What is PCI DSS?
Payment Card Industry Data Security Standard (PCI DSS) is a global
security program that was created to increase confidence in the payment card
industry and reduce risks to PCI Members, Merchants, Service Providers and
Consumers.
PCI Security Links
Welcome
to the PCI Security Standards Council
Internet Security Systems, Inc.
2007
The mission of the PCI Security Standards Council is to enhance
payment account data security by fostering broad adoption
of the PCI Security Standards.
Payment Card Industry (PCI) Data Security Standard
This document describes the 12 security requirements for all
members, merchants, and vendors who process, transmit, or store
cardholder data that are contained in the Payment Card Industry
Data Security Standard (PCI DSS).
Identity Theft
The ever-growing problem of identity theft means that individuals and businesses need to make concerted efforts to protect their personal information and other sensitive business data, including privileged business/client data.
Identity Theft Links
Fighting Back Against Identity Theft NEW
United States Federal Trade Commission; 2008
Consumers can learn how to avoid identity theft – and learn what to do if their identity is stolen. Businesses can learn how to help their customers deal with identity theft, as well as how to prevent problems in the first place. Law enforcement can get resources and learn how to help victims of identity theft.
Internet Security Basics, Part One: Identity Theft: Top Ten Preventative Tips NEW
Waterfront Online; October 8, 2007
By: Dawn Lewis, Features Editor
Ten tips to prevent identity theft; focuses on personal identity theft.
Protect your identity: Start with the basics NEW
How-To & Education by: SQUDO©; 2008
12 tips to help you start protecting your personal information and identity.
Unauthorized Access of Computer Records Discovered at UT of Austin NEW
University of Texas, Austin: McCombs School of Business (Data Theft Information Center); 2006-2008
In April 2006, a deliberate theft of data from the McCombs School of Business served to highlight the necessity of this commitment. It also underscored the ubiquity, severity and sophistication of today’s threats to information security.
Identity Theft and Your Business NEW
About.com; 2008
By: Susan Ward (Small Business, Canada)
Here are five more things you can do to prevent identity theft in your small business.
Reports show identity theft is a growing business, costing billions NEW
San Francisco Chronicle; November 28, 2007
By: Tom Abate, Chronicle Staff Writer
Findings of two reports estimate the consequences and costs of all the electronic data losses that have put at least 215 million sensitive records into the wrong hands and spawned a new criminal epidemic of identity theft since counting began in 2005.
Key Webinars
Data Leakage - Combating Your Biggest IT Security Threat NEW
February 28, 2008
Organizations now face a more damaging IT security threat -- data leakage from inside their network, either unintended or malicious.
How IBM ISS can help you with PCI (Payment Card Industry) Compliance
Thursday, October 25, 2007
Describes how IBM Internet Security Systems (ISS) is helping ensure compliance with the Payment Card Industry Data Security Standard (PCI-DSS). Also, how to protect against evolving threats and control costs.
How IBM ISS Can Help with SOX, GLBA, PCI, HIPAA and SCADA Compliance
September 27, 2007
How IBM Internet Security Systems (ISS) helps ensure compliance,
protect against evolving threats and control costs.
Combating IT Security Threats in the Enterprise
August 23, 2007
Joshua Corman, Principal Security Strategist
for IBM Internet Security Systems (ISS), discusses how to reduce risk,
control costs, keep up with changing threats and maintain regulatory
compliance
Relevant Links
Creating an Information Security Infrastructure NEW
DATABASE TRENDS & APPLICATIONS; January 27, 2008
By: Sandi Nannini
Article by Key’s Sandy Nannini, “Creating an Information Security Infrastructure” in the new electronic edition of Database Trends & Applications. It surveys the broad field of security threats to IT today, challenges.
A Blueprint for Security NEW
IBM ForwardView; February 2008
Find out how IBM’s security assessments can help you create a blueprint for security. Where is your company vulnerable? System-wide checkups gauge four areas where information security is vital. Key can work with you to see how these assessments from IBM ISS can strengthen your security strategy on the ground.
"Hair on Fire" with System i Security NEW
System i Network; March 10, 2008
System i is used by more than 90 percent of the Fortune 1000, and it often hosts sensitive and confidential data such as credit card and Social Security numbers. PowerTech uncovered many security issues.
Product Lines: Some Security Concerns Playing Possum NEW
SystemINetwork; February 6, 2008
As System i professionals, we are used to a platform that offers strong protection built right into the operating system. We feel safe. But are we “safe”?
Security is an Ecosystem NEW
TechRepublic; February 4, 2008
Improving your security involves not only choosing the best tools and techniques for yourself, but advocating them for others -- and educating those others as well. Security is an ecosystem — not a product. You cannot buy it except at the cost of giving it away.
Security threats in a unified world NEW
TechRepublic; February 15th, 2008
By: Deb Shinder
A unified system, while providing more convenience and ease of use, also provides attackers with a larger attack surface that contains multiple points of vulnerability. Just as networked computers are more vulnerable than stand-alone systems, unified communications systems allow for the spread of attacks more readily than do stand-alone communications systems.
Bush Administration Asks for $6 Billion in Cyber Security Funding NEW
ZDNet; January 28, 2008
The Bush administration is asking Congress for $6 billion to spend on cyber security in one year. Blogger Richard Steinnon advises against granting the Department of Homeland Security carte blanche for the amount, especially when it's tight-lipped about how it will spend the money. According to the blogger, transparency is good for security.
2008 Internet Security Trends Report NEW
Free White Paper Download
COMPUTERWORLD WHITE PAPERS
This report is designed to help highlight the key security trends of today and suggest ways to defend against the sophisticated new generation of Internet threats certain to arise in the future.
Requires Registration
10 Things Application Developers Need to Know About
Credit Card Data Security NEW
PPI Developer Services; January 2008
Payment Processing, Inc. White Paper Download
There is a great deal of confusion within the software development community about credit card data security and how it impacts software applications. While most application providers have seen numerous articles relating to credit card security breaches, they remain unaware of the impact such violations can have on their ability to support and sell their applications.
Requires Registration
The Three Most Important Security Steps the Small Business Should Take NEW
TechRepublic; January 4th, 2008
By: Jeremy Smith
The three most important security steps a small business should take are:Antivirus Software; Firewalls; and OS Patching.
Retrospective: 10 security blunders NEW
TechRepublic; January 9th, 2008
By: Chad Perrin
Lists links to the 10 Worst Security Blunders of 2007 and Early 2008
Inside IBM Secure Perspective NEW
SysteniNEWS; November 2007
By: Dan Kolz and Dan Riehl
This article focuses on a process that you can use to bring disparate members of an organization together to create and apply resource access s security policy.
Internet
Security Basics NEW
The Norman Transcript: October 14, 2007
Although the principles
apply to most any corporate or enterprise environment, the
information in this series of articles is aimed at home and small office
users of Microsoft Windows 2000 and XP.
Pre-emptive
Security: Staying Ahead of Hackers & Viruses NEW
IBM Forward View: October 2007
For Small to Mid-sized
Businesses
Combat
Theft by Thinking Like a Phisher NEW
ITBusiness Edge: August 31, 2007
In an interview
with Markus Jakobsson, Indiana University associate professor
and associate director for the Center for Applied Cyber Security
Research, the industry investigator discusses his recent
set of experiments designed to gather information to combat
phishing.
Where
Will Storm Hit Internet Next? NEW
IT Business Edge:
October
9,2007
By: Carl Weinschen
Executive Briefing
Researchers at the University of Southern
California Information Sciences Institute have just completed
a census of every address on the Internet. Researchers hope
the ongoing project will offer a dynamic movie of Internet
evolution and improve network security.
Researchers
Ping through First Full Internet Census in 25 years NEW
NetworkWorld; October 9, 2007
It's hoped that the Department of Homeland Security census also can aid Internet
security.
When
It Comes to Protection from Vulnerabilities, Process
Trumps over “Many Eyes” NEW
Microsoft Viewpoint; October 10, 2007
There are distinct differences in the way that Windows
Server was developed and Linux was developed. Microsoft
has focused on implementing a development model that allows
for the inclusion of important software attributes in the
planning process. One very clear example is interoperability.
Are
Good Security and Web 2.0 Incompatible? NEW
IT Business Edge; October 2007
By: Carl Weinschenk
Securing your data and network, inside and outside the perimeter. Presentation
by the CTO of IBM’s Internet Security Systems (ISS) at the annual summit
of the Georgia Tech Information Security Center.
Registry
for .asia domain to crack down on phishy sites NEW
IDG News Service; October 10, 1997
By: Jeremy Kirk
The registry for the new.asia top –level domain plans to ban domain names
that are consistently used for phising sites
Chinese
Security team becomes malware victim
NEW
ZDNet Asia – Asia
October 5, 2007
By: Liam Tung, ZDNet
Even security groups are not immune to malware writers: the
Chinese Internet Security Response Team (CISRT) has apologized
for occasionally serving up malicious code to visitors to its
Web site.
Survey
of Security Practices NEW
PC World; March 2007
By: Ellen Messmer
This Deloitte & Touche annual survey of security practices at 169 financial
institutions found 98 percent are spending more on information security this
year than last year plus increasing their emphasis on IT governance.
Top
14 VoIP Vulnerabilities
NEW
PC World; March 10, 2007
By: Ellen Messmer
Described in a new book Securing VoIP Networks, focused on the vulnerable
side of VoIP.
Leveraging Innovative Security Solutions for Banking and Financial Markets
IBM Global Technology Services
2007
Managing Threats, Reducing Fraud and Maintaining Client Trust
Stay Ahead of the Threat: Attacks on your information security have evolved
IBM Security Systems Report
2007
Viruses, worms and Trojan horses have new partners in crime: targeted attacks such as spear phishing and other destructive malware. The world of malicious code has exploded over the past year.
Five Steps to Better Internet Security
Small Business Computing.com
November 24, 2004
By: Lauren Simonds
The essential connection to the outside world via internet IT businesses are exposed to security problems, liability risks and productivity distractions.
Is Your Biz Safe from Internet Security Threats?
Entrepreneur.com
July 11, 2005
By: Peter Alexander: Tech Trends
Spyware, viruses and hacker attacks can be devastating to small businesses. Here's how to protect your company from internet security threats.
Forrester Research
Defining A High-Level Security Framework For Security & Risk Professionals
Khalid Kark, Paul Stamp
with Jonathan Penn, Laura Koetzle, Jennifer Albornoz Mulligan
January 18, 2007
A comprehensive security framework that identifies risks to confidentiality, integrity, and availability for different business functions, and discusses the reduction, transfer, and acceptance of those risks. This document establishes a high-level framework that can be used in assessing your current security program.
Forrester Research Home Page
Enter Network Security into the search engine field to bring
up related research reports.
Gartner Research Reports & Events
Email Boundary Security Trends
The e-mail security boundary market continues to be a crowded one. Spam and virus filtering are becoming commodities, and buyers must look at high-end features to find significant differentiation.
The Hostile Environment Ecosystem
Learn How To Protect Your Enterprise
July 28, 2007
A hostile information ecosystem is developing that threatens to thwart the logic of searches. Enterprises must answer the threat by building vigilance into their search strategies.
Forecast: SMB IT Security Services, North America, 2004-2010
June 27, 2007
Spending on small-and-midsize-business IT security services will reach $12.2 billion by 2010. IT management services will be the fastest-growing sector
Risk Assessment Approaches for IT Security Risk Management
January 12, 2006
IT security organizations must establish a risk management process and apply risk assessment methods that are appropriate to a given class of risks.
Books
Securing
VoIP Networks
By: Peter Thermos and Ari Takanen
Looks at VoIP infrastructure and analyses its vulnerabilities
much as the Open Web Application Security Project did for web-related
vulnerabilities and Mitre did with its Common Weakness Enumeration dictionary
for software. It also addresses human failings, not just technology problems.
Internet Security for Business
By: Anish B. Bhimani (author), Eugene Schultz (author), Carol A. Siegel (author), Terry Bernstein (editor)
Paperback
Published after 1995
A comprehensive program for safeguarding your company against the dangers of being on the Internet
|
