A Process-based Approach to Protecting Privileged Accounts and Meeting Regulatory Compliance
[ Source: BeyondTrust ]
November 2009-
This white paper outlines a sound process-based approach in protecting critical privileged accounts that are found in virtually every application, database and infrastructure device throughout enterprises. This paper will present BeyondTrust PowerKeeper as a solution to secure passwords for privileged accounts in heterogeneous IT environments. Through features such as automated password resets and management workflows, secure storage of credentials, and a sealed operating system, PowerKeeper is the only solution in the market that is fully ....
PCI DSS Compliance in the UNIX/Linux Datacenter Environment
[ Source: BeyondTrust ]
November 2009-
This document explains how BeyondTrust PowerBroker supports the Payment Card Industry Data Security Standard (PCI DSS) by limiting and tracking authorization to execute commands and programs that access servers and applications storing and using proprietary cardholder. BeyondTrust PowerBroker provides an auditable process that controls, monitors and records that access.
8 Steps To Holistic Database Security
[ Source: Guardium ]
June 2009-
Guardium provides this report on the eight essential best practices for a holistic approach to both safeguarding databases and achieving compliance with key regulations--such as SOX, PCI-DSS, NIST 800-53, and data protection laws.
How To Secure And Audit Oracle 10g and 11g
[ Source: Guardium ]
April 2009-
Guardium provides the "Hardening Your Database" chapter from the 454-page book "HOWTO Secure and Audit Oracle 10g and 11g" and learn how to navigate the many security options within Oracle (authored by database security expert and Guardium CTO, Ron Ben Natan, Ph.D.).
Red Flags Rule: The FTC Regulation and Solutions to Prevent Identity Theft
[ Source: Perimeter ]
August 2009-
Under the Red Flags Rule, financial institutions and creditors with covered accounts must have identity theft prevention programs. Obtain the critical information on technology, process, and policy for compliance in this whitepaper.
Security Threat Report: July 2009 Update
[ Source: Sophos ]
July 2009-
In 2009, cybercriminals are turning their attention to Web 2.0, social networking platforms, and alternative tools such as PDFs. This security threat report examines new malware trends, and explains how businesses can defend against them.
Buyers' Guide to Endpoint Protection Platforms
[ Source: Sophos ]
November 2009-
Discover how you can leverage endpoint security and data protection to provide simplified cross-platform security, centralized management, and control of devices, apps, and network access.
Converged Threats
[ Source: MessageLabs, Symantec Hosted Services ]
September 2009-
Business users face more than increasing workloads and demanding deadlines in an ordinary workday. They also deal with a wealth of well-disguised and sometimes dangerous malware, which litters the online environment and silently pushes its way onto networks.
Malware takes on many different forms, from viruses and spyware, to phishing, spam and social engineering attacks. The most common channels for malware include e-mail, Web and instant messaging (IM), leading to the collective phrase “converged threats.”
....
A Methodology For Implementing Continuous Roles-Based Access Governance
[ Source: Aveksa ]
March 2009-
The management of user access has long been an extraordinarily complex challenge for organizations. Central to this challenge is the concept of creating defined user roles. Used correctly, roles provide a means of simplification, and allow organizations to tailor enterprise access to the needs of the business. The result, in a perfect world, is greater IT operational efficiency, business agility and improved security through a set of preventative controls.
In practice, nearly ....
Managing Risk For Effective Access Governance
[ Source: Aveksa ]
October 2009-
User access-related business risk comprises a broad array of potentially damaging events that may be caused or made possible by inadequate governance of access to an enterprise's information assets. Such events range from relatively minor policy and compliance violations to disastrous business losses. The stakes involved in access-related risk have risen dramatically in recent years as organizations have become thoroughly operationalized by technology.
With nearly every facet of large enterprises' operations now dependent on ....