Search This Blog

Friday, October 01, 2010

5 problems with SaaS security; How to keep employees from stealing intellectual property

How to keep employees from stealing intellectual property | 6 tips for guarding against rogue sys admins

Network World Compliance

Forward this to a Friend >>>


5 problems with SaaS security
As interest in software-as-a-service grows, so too do concerns about SaaS security. Total cost of ownership used to be the most frequently cited roadblock among potential SaaS customers. But now, as cloud networks become more frequently used for strategic and mission-critical business applications, security tops the list. Read More


WEBCAST: Cisco Ironport Systems

All Clouds Are Not Created Equal
Join this webcast for a tactical session that breaks down cloud computing, addresses concerns around control and reliability, and addresses one of the popular uses of cloud services today: email security. Learn More

In this Issue


WEBCAST: Meraki

802.11n: Faster, Easier, and Cheaper than Ethernet?
See Cloud Controlled Wireless in action - including demos, case studies, and architectural analysis, to learn just how well this fast-moving technology lives up to its promises. Learn more!

How to keep employees from stealing intellectual property
Your data is your business. And if you're not vigilant about your employees' access to that data, you're going to end up out of business. That's the advice of Patricia Titus, current CISO of Unisys and former CISO of the Transportation Security Administration. Read More

6 tips for guarding against rogue sys admins
One of the biggest threats that organizations face is losing sensitive data -- such as payment card or personally identifiable information about customers or employees -- to theft from their own employees. The threat is greatest from systems and network administrators, who have privileged access to vast amounts of corporate data and are responsible for most compromised records in insider cases. Read More

Biggest insider threat? Sys admin gone rogue
What's one of the biggest insider threats to the corporate network? The high-tech folks that put it together, make changes to it, and know more about what's on it and how it works than anybody else. When the database, network or systems administrator goes rogue, stealing data http://www.networkworld.com/news/2007/070307-fidelity-national-records.html?nlhtsec=0702securityalert4&, setting up secret access for themselves, even in anger planting logic bombs to destroy data http://www.usdoj.gov/usao/nj/press/files/du1217_r.htm, or just peeking at sensitive information http://www.networkworld.com/news/2010/070710-snooping-protected-data.html they know is off limits, they become the very insider threat that the IT department is supposed to be guarding against. Read More

State IT security pros feeling big budget squeeze
A survey published Monday of chief information security officers (CISO) for almost every state in the union shows that the vast majority feel they don't have adequate budgets. Read More

Business partners a growing security concern
Increasingly complex business relationships are forcing companies to give outsiders greater access to internal systems. According to this year's Global Information Security Survey, this presents a security problem. Read More

Meeting the new PCI wireless requirements
Beginning Sept. 30, Visa will require merchants and related businesses to conduct wireless security scans to prove compliance with version 1.2 of the PCI Data Security Standard (PCI DSS) which is designed to safeguard cardholder data from wireless threats. Read More

Microsoft's Security Essentials running on 31 million PCs
Microsoft's free antivirus software, Security Essentials, has been installed on 31 million PCs in its first year, the company has announced. Read More

MIT system helps companies recover from network intrusion
MIT Computer Science and Artificial Intelligence Laboratory researchers will next week detail a system they say will make it easier for companies to recover from security intrusions. Read More

ZeuS trojan bank-theft scheme extends to the U.S.
More than 60 people will be charged in the U.S. with using the Zeus trojan to steal millions of dollars from U.S. banks as part of a scheme that resulted in similar charges in the U.K. earlier this week. Read More


WHITE PAPER: IBM

Data Growth Challenges Demand Proactive Data Management
Most organizations do not have a firm handle on how to manage their data growth, particularly unstructured, file-based information – the fastest growing type of data. Learn the tools, techniques and best practices available to proactively plan for and manage data growth. Read now

Four steps toward safer online banking
With the ZeuS Trojan continually being revised and updated, the malware remains effective as a tool for stealing online financial credentials, but there are some simple measures banks could take to make online accounts more secure, according to the SANS Institute. Read More

Houston hotel on watch for threats from inside and out
As open buildings, hotels are typically on guard for any signs of trouble. So it's no surprise that the downtown Hilton Americas–Houston just upgraded its video-surveillance system, installing one based on 3VR Security's digital recorder platform for the sake of efficient retrieval of video footage for research. Read More

Android software piracy rampant despite Google's efforts to curb
Pirating Android apps is a long-standing problem. But it seems to be getting worse, even as Google begins to respond much more aggressively. The dilemma: protecting developers' investments, and revenue stream, while keeping an open platform. Read More

Fight insider threats with the tools you already have
Common security tools already used by many businesses can be effective means for finding corporate data thieves and saboteurs, according to researchers at Carnegie Mellon's Software Engineering Institute. Read More

Is Stuxnet an Israeli-invented attack against Iran?
Was Stuxnet, a sophisticated piece of malware designed to attack industrial control systems (ICS), secretly invented by Israel to attack Iran's industrial controls systems? Read More

What's up with encryption?
Indeed whatever the reason, encryption technologies seem to be behind a series of important security happenings of late. Here's a look at some of the more interesting happenings shaping encryption today: Read More

Survey: Cloud security still a struggle for many companies
Despite the value many companies see in cloud computing, a lot of you are still afraid of the security implications, according to this year's Global Information Security Survey. Read More

Professionals: Don't use Facebook and Twitter
Do you receive a steady stream of invitations to join Facebook, MySpace, and Friendster? I have been told repeatedly by friends and colleagues that I should post personal information on these sites, tweet on Twitter, and use some of the many other social-networking tools available. However, as a computer-security professional, I have purposely avoided joining Facebook and tweeting on Twitter. Read More

The shape of threats to come
Mark Gibbs ponders the uber malware called Stuxnet. Read More


WHITE PAPER: CA

Service Assurance Defined
This Forrester paper explains the concept of service assurance and highlights how it can address fundamental issues around managing application performance and business services. Learn More

Many Android apps leak user privacy data
Researchers have created Android-based code that tracks what applications on a smartphone actually do with the data they have access to. They do a lot, it turns out, and most of what they do is unknown to the enduser Read More

IE users most at risk from DLL hijacking attacks
Users of Microsoft's Internet Explorer are more vulnerable to rogue DLL attacks than people who use rival browsers such as Mozilla's Firefox or Google's Chrome, a security researcher said today. Read More

Zeus botnet bank thieves were careless with own security
Suspects charged with stealing more than $9.4 million from U.K. banks using the Zeus botnet apparently spent more time figuring out the logistics of stealing the money than they did on securing their cyber operation. Read More

Why CIOs are Resetting Information Security Priorities
Business partners with shoddy information security. Cloud computing vendors with dubious risk controls. What's a CIO to do? Our annual Global Information Security Survey tracks the trends. Read More

NIST blesses network access, desktop security
The Trusted Computing Group and the National Institute of Standards and Technology Tuesday joined to give their blessing to the union of two technologies that each have championed: TCG with its network-access control standard called Trusted Network Connect, and NIST with its desktop-security configuration standard called the Security Control Automation Protocol. Read More

Symantec lays out encryption roadmap
Symantec is laying down a strategy for integrating the two encryption-software companies it acquired, PGP Corp. and GuardianEdge Technologies. Read More

Study: Top web sites riskier than porn
Malware has become so common on the web that users are more likely to find malicious content while visiting popular sites than when they are on porn and gaming sites, according to research released Tuesday by security firm Websense Read More

Heartland Payment Systems bolsters encryption
Heartland Payment Systems, which last year suffered a devastating data breach, has been on a mission to secure payment-card processing . Read More

Snort rival launches threat-detection start-up
Emerging Threats Pro debuted Monday with a rival intrusion detection and prevention signature technology to vendor Sourcefire, which shepherds open source Snort and its threat-detection signature base. Read More



Join us on LinkedIn

Discuss the networking issues of the day with your colleagues, via Network World's LinkedIn group. Join today!
- Jeff Caruso, Executive Online Editor

SLIDESHOWS

Meet RIM's BlackBerry PlayBook
Research in Motions heats up the tablet wars with BlackBerry PlayBook that aims to outshine Apple and Samsung when it comes to business appeal.

A brief history of Android
In this slideshow we'll take you back in time to trace the origins of the Android operating system and show how it rose rapidly to become one of the top operating systems in the mobile world.

MOST-READ STORIES

  1. Red Hat urges patent office to deny most software patents
  2. Many Android apps leak user privacy data
  3. Zeus botnet bank thieves were careless with own security
  4. Professionals: Don't use Facebook and Twitter
  5. Android software piracy rampant despite Google's efforts to curb
  6. Cisco eats its own IPv6 dog food
  7. How to make your cable company hate you
  8. Texting while driving bans don't work, study finds
  9. Fed's IPv6 plan called a "game changer"
  10. The shape of threats to come

Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_compliance_alert as security.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Subscribe | Privacy Policy

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2010 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **


No comments: