GovInfoSecurity.com RSS Syndication

GovInfoSecurity.com RSS News Feeds on government information security news, regulations, blogs and education
Updated: 2 hours 30 min ago

Protect IBM i Data from FTP, ODBC and Remote Command

Each year, PowerTech releases its "State of IBM i Security" study, documenting how well organizations manage their security. And, each year, the study shows that the vast majority of organizations still rely on menu security to protect their data. Unfortunately, today's users have access to interfaces (such as FTP, ODBC, JDBC, and remote command) that completely bypass these controls and make it easy to view, update, and delete data in the database. If you need to comply with government or industry regulations, or if you simply want to ensure the integrity of your application data, understanding these interfaces is critical.

In this webinar, Robin Tatam, Director of Security Technologies for PowerTech, discusses:

  • What you need to know about IBM i security
  • How to close the "back doors" not covered by traditional menu security schemes
  • How to implement policies that restrict access to only those users who need it

Tatam also demonstrates PowerTech's Network Security, the exit point monitoring and access control software that can help you secure your system.

Matching Personalities to Jobs

Do you have the right personality type to flourish in an IT security role? Laurence Shatkin, author of "50 Best Jobs for Your Personality," offers tips for finding the job that truly fits your type.

Howard Schmidt's Legacy: In His Words

Interviewing the Retiring Cybersecurity Coordinator
We began speaking with Howard Schmidt years before anyone heard the term cybersecurity coordinator. Here are links to key interviews with Schmidt, who's retiring from that post at month's end.

Obama Cybersecurity Coordinator Resigns

Howard Schmidt to Step Down at End of Month
Michael Daniel, who as chief of the White House budget office's intelligence branch has extensive background in IT security, will replace Schmidt as cybersecurity coordinator.

The Business Case for Continuity Planning

Small, Mid-Size Enterprises Especially Need to Develop Strategy
Why do so many small and mid-sized enterprises continue to believe that business continuity planning is just for the big guys? And how do we go about convincing them otherwise? Here are some tips.

Utah Breach: Governor Takes Action

New CTO Named, Independent Auditor Hired
Utah Gov. Gary Herbert has taken several steps in the wake of a hacker attack against an unencrypted server that exposed state health department information on 780,000 individuals. Experts assess whether the steps are the right moves.

NIST to Hold Botnet Workshop

Day-Long Session to Focus on Technical Aspects of Botnets
Workshop participants will explore the technologies, tools and resources that are used against botnets and examine their effectiveness, valuable characteristics and gaps.

Cybersecurity as a Campaign Issue

Raising Public Awareness on Cyberthreats Via Public Service Ads
A cybersecurity public service campaign would do more than make individuals aware of their own online behavior; it would also raise awareness of the economic threat posed by IT vulnerabilities, an issue political candidates should address.

Measuring the Immeasurable: IT Security

A Year After Its Debut, Index of Cybersecurity Rises by 30 Percent
Factors driving up the index vary from month to month, but the clear takeaway of the survey of IT security practitioners is that they're getting more apprehensive about safeguarding IT.

Risks of False Credentials

How common are padded resumes like the one that led to the departure of Yahoo CEO Scott Thompson? Far too common, says attorney Les Rosen, who offers tips to help organizations manage such risks.

Improving Breach Investigations

When breaches occur, most organizations struggle to collect the right data and get investigations off the ground. How can breach response improve? Verizon's Chris Novak offers expert advice.

Privacy Guidance: An Important Step

Tips on Building Trust Greatly Needed
A new guide from federal regulators on key privacy and security issues to address when adopting electronic health records is valuable. But additional guidance on risk assessments and other issues is needed.

Americans Less Jittery About Net Security

Americans express a bit less anxiety about their security than they felt a year ago, perhaps because they've become desensitized by extensive news reports about cyberattacks last spring, says Unisys' Steve Vinsik.

DoD: Notice of Proposed Rulemaking on Privacy Training

The Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members.

NIST SP 800-61 Revision 1: Computer Security Incident Handling Guide

Guidance on establishing processes to rapidly detect and respond to cyber incidents.

NIST FIPS PUB 201-2: Personal Identity Verification of Federal Employees and Contractors DRAFT

Specifying architecture and technical requirements for a common identification standard for federal employees and contractors.

NIST SP 800-39: Managing Information Security Risk

Organization, Mission and Information System View

2012 Cloud Security Agenda: Expert Insights on Security and Privacy in the Cloud

What are organizations' top cloud security concerns, and how are security leaders addressing these concerns through policy, technology and improved vendor management?

This is the key question posed by the 2012 Cloud Security Survey.

No longer just an emerging technology practice, cloud computing today is embraced globally as a means of gaining efficient access to critical applications, processes and storage. It's now common for organizations to rely on cloud service providers for functions and business applications such as customer relationship management, messaging or storage via a public, private or hybrid cloud. Further, industry-specific cloud-based applications such as electronic health records or mobile banking and payment applications are emerging at an unprecedented pace.

But these engagements come with questions about risks:

  • What are your cloud service provider's security and privacy measures, and have they been audited?
  • Where geographically is cloud data being stored, and how do operational practices comply with government, industry and organizational privacy regulations?
  • How is a multi-tenant cloud environment managed, and in the event of a system compromise, what will be the incident response escalation process?

Yes, cloud computing is about efficiencies and new technologies, but it's also about security, privacy and an organization's reputation.

The 2012 Cloud Security Survey was crafted with assistance from leading experts in cloud computing, security and privacy, with a mission to:

  • Chart the latest cloud trends, including types of cloud implementations most common by industry and region;
  • Gauge organizations' top cloud security concerns, from vendor security to data governance and breach preparedness;
  • Predict the top areas of investment for organizations most concerned about cloud security.

This webinar will draw upon survey results and expert insight from a special roundtable panel to discuss:

  • Top Security Concerns - Are organizations more concerned about where their data is stored, or whether a malicious insider might be a threat to it?
  • Success Factors - On a scale with cost savings and availability of services, how does security now rank among elements critical to a successful cloud computing implementation?
  • Protective Measures - What are some of the practices organizations are employing, from instituting more stringent contracts to enforcing third-party audits and even participating in mock security exercises with cloud service providers?

2012 Faces of Fraud Survey: Complying with the FFIEC Guidance

A follow-up to ISMG's 2011 Faces of Fraud Survey, this webinar looks not only at the latest fraud trends and how institutions are fighting back, but also at their progress in putting together layered security controls in conformance with the FFIEC Authentication Guidance.

Given the persistence of fraud threats and the demands of the FFIEC Authentication Guidance, the 2012 Faces of Fraud Survey is crafted with assistance from leading experts in fraud detection and prevention, with a mission to:

  • Chart the latest fraud trends, including account takeover, skimming and payment card breaches;
  • Gauge institutions' preparedness to conform to the FFIEC Authentication Guidance, including where they are prioritizing their efforts;
  • Predict the top areas of focus for 2012, from real-time fraud monitoring tools to new layered security controls.

The Great Application Security Debate: Static vs. Dynamic vs. Manual Penetration Testing

Software applications are an integral part of 21st century business processes. The majority of software is still installed in-house, either as specially developed custom applications or commercially acquired packages. However, the proportion of software procured as a service is on the rise, as is the use of mobile apps and open source components. In addition, more and more in-house applications are being web-enabled and exposed to the outside world.

Regardless of its origin, the vast majority of software will contain flaws which can constitute a security risk, especially for those applications that are web-enabled. The cost of fixing a flaw increases the later it is found in the development, acquisition and deployment life-cycle. There are a number of measures that can be taken to mitigate the problem and reduce the overall cost of managing software whilst ensuring better security. Increasingly, businesses are recognizing the benefits of outsourcing at least some of the effort through the use of on-demand software testing services.

This webinar explores how businesses are deploying software and what measures are in place for checking the security of applications. It presents new research conducted amongst US and UK enterprises from a range of industries and assesses the scale of the software security problem, the ways in which it can be mitigated, the extent to which this is being achieved, the costs involved and how these can be minimized.

  • 2011 was the Year of the Breach. Some of the world's best companies and brands were attacked, making securing your enterprise applications a key information security imperative.
  • As applications become more mission critical to the enterprise, so too does the need to secure them.
  • Learn how enterprises can leverage the various application testing approaches in their application security programs.