Latest Knowledgebase News

Information security must be designed and implemented as a core ingredient of the business strategy (part 1)
posted on 07/02/2011

As enterprises struggle to remain profitable in an ever-changing risk environment, the current economic crisis has elevated the need for effective business risk management. Information security is a key parameter that affects business risk. The academic definition of information security is the “preservation of confidentiality, integrity and availability of information.” Confidentiality is the preservation of secrecy of information (e.g., business reports, technical designs or financial projections) by ensuring that viewing is conducted solely by authorized people. Integrity is ensuring that information is accurate and consistent and has not been manipulated. Availability ensures that information is accessible to authorized people when needed. Historically, information security has been addressed primarily as a technical issue. Preventive controls, such as firewalls, user access control mechanisms, encryption of data and communications, digital signatures, data backup systems, and dete... [more]

You need to manage the privileged identities for every system in your network
posted on 31/01/2011

You have security firewalls and antivirus tools. You have role-based access controls and identity management software. You probably even have regulatory compliant applications. But how safe are the servers, storage devices, and network appliances that actually host your data? At this moment can any administrator login to your systems, read and modify records, change device settings, install new code… and more? If there's a breach, will you know who is responsible? How will you track who did what to which system, and when? Without a method for managing the privileged identities for every system in your network, you are vulnerable to all of these threats posed by unauthorised users and malicious programs. Privileged identities are accounts that hold elevated permission to access files, install and run programs, and change configuration settings. They exist on virtually every server and desktop operating system, business application, database, Web service, and network appliance in your orga... [more]

The need for robust security and Service Level Agreements inthe Cloud
posted on 29/12/2010

Today’s round-the-clock information culture means organisations are becoming more reliant than ever on continuous access to applications and data. Whatever the cause, a break in continuity negatively impacts business – whether it’s the inconvenience of a few hours’ lost productivity while email is down, or complete operational paralysis when business-critical processes such as transactional systems experience an outage. Malicious Denial of Service (DoS) attacks are on the increase, as high-profile companies are targeted for business disruption rather than information theft. Despite sweeping defence cutbacks in the recent government spending review, funding for measures to counter cyber attacks was given a £650m boost, highlighting the serious national implications and the threat level of this modern form of hostility. Equally, accidental interruptions – whether internal or external, unforeseen or unpreventable – resulting in no-fault incidents, can also leave your business in the... [more]

Video analytics and situation management for airports' perimeter protection
posted on 10/11/2010

Today’s airport is like a self-contained mini-metropolis. Much like the urban centres they border, airports depend upon a myriad of service businesses, suppliers and retailers to keep their operations running smoothly. All of this translates into a maze of security challenges for the security teams charged with ensuring public safety and protecting vital, mission-critical assets. When it comes to an airport’s perimeter protection the old adage that ‘a smart person knows how to resolve a problem, but a wise person knows how to avoid the problem in the first place’ has never been more appropriate. CCTV surveillance systems that take advantage of video analytics can provide the insight that allows security teams to proactively monitor perimeters and significantly raise the probability of early event detection to prevent or contain an incident. Perimeter control is the first line of defence for an airport and typically security teams place heavy reliance on CCTV monitoring for the early... [more]

The must-have requirements of Cloud-based network security
posted on 20/10/2010

While some of the technical underpinnings that make up the Cloud’s ‘secret sauce’, are relatively recent innovations, the business case for managing critical IT functions as services – inside or outside the firewall - is not a new concept. At the end of the day, the Cloud is just another way to outsource IT functions, and the same fundamental concerns that exist with more mature outsourcing offerings need to be addressed – such as, how does an organization manage its security and compliance posture when critical systems and data are hosted or managed by a third party? When Sarbanes-Oxley first hit in 2002, almost overnight every security company became a compliance company. Fast-forward to 2010, and every security company is now a Cloud company, or has a “Cloud Strategy.” Whether or not it makes sense for an organization to move IT assets to the Cloud depends on a host of factors, with security and compliance being two of the most important. One way IT managers can assess the risk ... [more]

Other Security news and resources