Five Steps to Achieve Success in your Application Security Program [ Source: IBM ]

May 2013- This white paper provides a general framework your organization can use to create or build upon an application security program. It includes guidelines that can be useful at different stages of your security program's maturity. By addressing key considerations, providing clear and actionable items, and offering real-world examples, these five steps provide an adaptable strategy to help your organization get started and maintain an effective, ongoing application-security strategy.

Intelligent Role Management For Improved Security and Compliance [ Source: IBM ]

May 2013- In complex organizations with sprawling role structures, managing user access and entitlements can be overwhelming. As part of an effective strategy for identity and access management governance, role management is a powerful method with which to strengthen and streamline the management process. Although role management solutions may help, many are overly complex and are not suited for business users. To find out how the integrated Role and Policy Modeler component of IBM Security Identity Manager ...

The Evolving Landscape of Desktop Security [ Source: McAfee ]

May 2013- Over the last 20 years, as we have moved towards a knowledge-based economy, the security challenges of maintaining the fidelity of the IT infrastructure have grown dramatically. There has been a massive increase in the number of malware samples encountered by security researchers around the world, from thousands of malware samples in a year to thousands of malware samples per day. On an operational level, endpoint security (desktop/laptops) has grown more complex, and IT security ...

Finding a Strategic Voice: Insights from the 2012 IBM Chief Information Security Officer Assessment [ Source: IBM ]

May 2013- In a hyper-connected era, a proactive integrated and strategic approach to security can empower businesses to do more than just cope with current threats - it can actually help reduce future risks. Read the IBM study, "Finding a strategic voice," and discover more insights from the 2012 IBM Chief Information Security Officer Assessment.

System Z: Making Great Security Even Better [ Source: IBM ]

April 2013- If your enterprise uses System z already, it's a safe bet that you're already aware of its legendary security. Being the only commercially available server with an EAL 5 rating is just one reason why so many of the world's top banks, retailers and other businesses that conduct high volumes of critical business transactions use System z.

With features such as cryptographic co-processors and integrated Public Key Infrastructure (PKI) support, System z has arguably ...

A Practical Guide to Database Security [ Source: McAfee ]

March 2013- A serious data breach brings monetary damage in its many forms: business disruption, bad publicity, stiff ones for noncompliance, and undermined customer confidence. But most damaging of all is the trouble that it creates when it comes to signing up new customers. A tarnished reputation is a big objection for sales and business development to overcome. That's why data security in general and database security in particular are a crucial part of any company's overall ...

Securing and Controlling Data in the Cloud [ Source: Vormetric ]

March 2013- The Securing and Controlling Data in the Cloud white paper describes the various cloud formations (Private Cloud, Public Cloud, SaaS, PaaS, IaaS), the new security challenges posed by the cloud and solutions that enterprises can bring to bear for securing and controlling sensitive data in cloud environments.

Protecting Sensitive Data In and Around an Oracle Database [ Source: Vormetric ]

March 2013- The Protecting Sensitive Data In and Around an Oracle Database technical white paper provides an overview of the sensitive files in and around the Oracle database that enterprises need to secure in order to achieve optimal database security.

A New Breed of Information Security Leader: The Hyper-Connected Era and What It Means for CIOs and CISOs [ Source: IBM ]

December 2012- 2011 was the year of the security breach. And while many security organizations remain in crisis response mode, some security leaders have moved to take a more proactive position, taking steps to reduce future risk. These leaders see their organizations as more mature in their security-related capabilities and better prepared to meet new threats. What have they done to create greater confidence? More importantly, can their actions show the way forward for others?

How Does IBM Deliver Cloud Security [ Source: IBM ]

December 2012- Cloud computing is changing the way we use computing and has the potential for significant economic and efficiency benefits. But the speed of adoption depends on how quickly trust in new cloud models can be established. Some of the growing cloud security concerns include: security of highly virtualised environments from targeted threats and attacks, enabling secure collaboration, protection of the data (isolation, sharing) in a rapid provisioning and deprovisioning environment while experiencing the loss of ...

Close Encounters of the Third Kind [ Source: IBM ]

December 2012- This white paper presents the results of a research study on the prevalence of client-side JavaScript vulnerabilities, conducted by the IBM Security (formerly, IBM Rational) application security team. For this study, the researchers used IBM JavaScript Security Analyzer (JSA) technology, which performs static taint analysis on JavaScript code that was collected from web pages extracted by an automated deep web crawl process. This kind of analysis is superior to and more accurate than regular static ...

Complete Storage and Data Protection Architecture for VMware vSphere and Microsoft Hyper-V [ Source: HP ]

November 2012- In this white paper, HP and Veeam Software outline an end-to-end storage and data protection architecture optimized for VMware vSphere and Microsoft Hyper-V environments. Core components of the architecture are HP LeftHand Storage, HP StoreOnce Backup, and Veeam Backup & Replication software.

Cerberus: Malware Triage and Analysis [ Source: AccessData Group ]

October 2012- This document reviews new malware analysis technology, Cerberus, which determines the behavior and intent of suspect binaries without the need for signatures, white lists or a sandbox environment. Using this “triage” approach, organizations are able to detect unknown threats that signature-based technologies will miss. In addition, they are able to gain critical information immediately, allowing them to take decisive action prior to engaging a malware team. There are tens of thousands of static executables on ...