A Guide to Email Regulatory Compliance [ Source: Perimeter ]
August 2009- Laws have been passed to more adequately secure private and sensitive information, many of them specifically requiring better email security. Secure your information exchange by acting on the essential tips provided in this whitepaper.

IronPort 2008 Internet Malware Trends Report [ Source: IronPort Systems ]
November 2008- In 2007, Storm burst onto the scene and rapidly spread. A new form of malware that propagated using a combination of email and websites, it proved extraordinarily sophisticated. Storm and newer malware botnets that build on Storm’s strengths continue to affect and threaten Internet communication. To help explain the spread of Storm and current and future threats posed by similar malware, this report offers an examination of Storm and its history.

Advances in Endpoint Data Security [ Source: Credant Technologies ]
February 2008- Data security has evolved beyond simply securing "bits on disks". To ensure data protection in today's dynamic IT environment, leading analysts recommend that security protects what matters most — the data. This requires a solution with a single, integrated security architecture and a data-centric, policy-based encryption approach that can be consistently enforced wherever the data resides — across heterogeneous endpoint device types, operating system platforms, and end users. The paradigm must shift from Full Disk Encryption to ...

Knowledge-based Authentication Is Not Enough [ Source: Global Crypto ]
February 2009- Everyday millions of consumers login to financial institutions, brokerage accounts, trading platforms and other web sites using Knowledge Based Authentication (KBA) solutions. Typically these solutions ask users to respond to questions selected by the user during the web site’s initial enrollment process.

The assumption is only that particular user knows the correct answer to these common questions. But the reality is these solutions tend to create user confusion and do little to ...

Balancing Risk and Productivity for Mobile Insurance Workers [ Source: Sprint ]
August 2008- Mobile services, like 3G, have made it possible for Insurance workers to remotely access vital information while they are out in the field, but this also introduces a great deal of risk. Mark Hasse, who heads up mobile security for Sprint, demonstrates the SprintSecure Guardian connection card at ACORD.

Three Steps to Mitigate Mobile Security Risks [ Source: Rapid7 ]
November 2012- Smartphones and tablets are everywhere. Most companies allow employees to use personal mobile devices to access corporate data, but they typically have very little visibility into which employees are accessing corporate data and what kinds of devices they're using. As a result, they are blind to the risks these devices present to their corporate data.

This white paper highlights key mobile security risks and describes how pervasive they are based on data from ...

Tokenization Buyer's Guide [ Source: Intel ]
October 2012- PCI DSS expert and QSA Walter Conway takes you on a deep dive tour of tokenization techniques and their merits. He also demystifies tokenization by discussing use cases, comparing tokenization vs. encryption and providing various alternatives for implementing tokenization. Finally, Walter provides guidance on how to prepare for implementing tokenization and select a solution appropriate for your needs.

IDC Analyst Connection: Reducing Risk with Access Governance Solutions [ Source: NetIQ ]
June 2012- In this discussion with Sally Hudson, research director of IDC's Security Products and Services group, learn how to utilize access governance to reduce risk, provide better intelligence for overall business processes and the features to look for when evaluating a solution. Access governance is a process that promotes the operation, management, and high-performance levels of a business while ensuring the reduction of uncertainty. As such, access governance is increasingly important to business.

According ...

Reduce Your Breach Risk: File Integrity Monitoring for PCI DSS Compliance and Data Security [ Source: NetIQ ]
June 2012- Despite growing protective security measures, data breaches continue to plague organizations. This paper discusses the importance of file integrity monitoring (FIM), which facilitates the detection of attacks by cybercriminals, as well as insider threats that may result in costly data breaches. It also discusses file integrity monitoring as a critical component of Payment Card Industry Data Security Standard (PCI DSS) compliance, and shows how NetIQ addresses both security and compliance challenges through the NetIQ Identity ...

HII Report: An Anatomy of a SQL Injection Attack (SQLi) [ Source: Imperva ]
June 2012- Organizations of all sizes, and even Lady Gaga, are under SQL injection (SQLi) attack. According to Privacyrights.org, SQLi has contributed to 83% of successful hacking-related data breaches since 2005. Can your organization afford this type of attack?

This report analyzes SQLi attack variants that allow the evasion of simple signature-based defense mechanisms, investigates automated SQLi tool kits, such as Sqlmap and Havij, and recommends a three-fold approach to defeat SQLi.