February 27th, 2006
When managers discuss physical security, it’s usually restricted to what types of locks to place on what doors. This is a good start, but locks are only one component of effective physical security. In fact, a lock is intended as one of many safeguards to delay an intruder until he is identified and intercepted by security guards or police officers. Good physical security requires the combination of locks, barriers, and sensors. But these safeguards must be supported by the capability for human assessment of alerts or alarms. The quickest method for gaining visibility into sensitive areas is the use of cameras.
Until recently, CCTV (Closed Circuit Television) technology was the principle means of viewing physical assets. Today, IP Surveillance systems are taking over and providing significant improvements.
In this article, I define IP Surveillance, explore how it works, and list the potential value it brings to your security efforts.
Read the rest of this entry »
Posted in All, Security Management Tips, Security Tech | 2 Comments »
February 23rd, 2006
Microsoft’s new Windows project, code named Longhorn, is supposed to bring many improvements to the enterprise. Not the least of which is better overall security. But possibly the most interesting development is Microsoft’s recent announcement about changes to Active Directory. These changes not only impact how user authentication and authorization are handled in your network. They also impact how you protect yourself on the Internet through the use of what Microsoft calls the Identity Metasystem.
In this paper, I explore the common identity and privacy challenges facing Internet users are they move from one content location to another. I’ll then describe the thinking that led Microsoft down the path leading to its approach to unified identity management for the Internet – our final topic.
Download the full paper
Author: Tom Olzak
Listen to our Podcasts: 
Posted in All, Security Management Tips | No Comments »
February 22nd, 2006
From a security and a general IT perspective there is a not so new and growing threat, unauthorized software. Call it what you like, spyware, adware, malware. The simple fact remains that if it is unsupported and was not installed by the IT staff, it could potentially wreak havoc on your environment. I’m going to give you a quick review of a software solution by SurfControl, who is also known for their solid web filtering solution. Let’s move on to see why Threat shield can help save you from the malware, but can also help save you from your users as well.
Read the rest of this entry »
Posted in All, Reviews | No Comments »
February 21st, 2006
Within the context of information security, Critical Success Factors (CSFs) are objectives or goals that must be met before an organization can provide reasonable and appropriate protection of its information assets. In this article, I explore seven CSFs that lead to an acceptable level of information asset assurance.
Read the rest of this entry »
Posted in All, Security Management Tips | No Comments »
February 17th, 2006
During the past two decades, the shift from paper to electronic filing of business documents introduced a new challenge: meeting the requirements of litigation discovery. Not only are organizations keeping more information; the vast amounts of email messages and other types of documents are typically not organized in a way that facilitates quick, cost effective extraction from personal and enterprise storage.
If you’re responsible for the security of your company’s information, your role extends to protecting documents required by discovery requests. Are you prepared to assure your executive management, or to testify, that you’ve done everything reasonable and appropriate to meet the court’s expectations?
In this article, I explore the challenges of eDiscovery (Electronic Discovery) followed by recommendations that might help avoid the high costs of compliance – or non-compliance.
Read the rest of this entry »
Posted in All, Management Tips, Security Management Tips | No Comments »
February 15th, 2006
To those of us who use it, the Google desktop was a god send. It truly was and is a revolutionary step in productivity and information management. Google’s world class search, but against your PC…..we were all thinking “the internet is good for something!” My personal favorite, the email search has single handedly saved me (and most likely others) hours. As opposed to the slow and un-indexed outlook search. So with all the warm and fuzzies we get from Google and their super neat products, why is a security blog writing about them? Let’s find out.
Read the rest of this entry »
Posted in Security Management Tips | 1 Comment »
February 12th, 2006
In previous articles, I wrote about malicious hackers (crackers) moving away from attacks for bragging rights to attacks for profit. Part of this transition is the increased use of zombie PCs, or bots, to surreptitiously acquire personal and business information with criminal intent. In this article, I describe the nature of bots and botnets, the danger to your organization from these growing threats, and some things you can do to protect your information assets.
Read the rest of this entry »
Posted in All, Current Events, Security Management Tips | No Comments »
Sorting through the Security-in-the-cloud Debate
February 24th, 2006There’s a lot of talk these days about security-in-the-cloud. Security-in-the-cloud is generally defined as protection provided by Internet Service Providers (ISP) that results in only “clean” packets arriving at a subscriber’s perimeter. Positions on the topic range from “it’s a bad idea” to “give everything over to a managed service provider.” Based on my experience as a Director of Security, I have sort of a middle-of-the-road position. In this article, I explore both sides of the managed services debate. I’ll also explain why I believe the most effective solution lies somewhere between the two extremes.
Read the rest of this entry »
Posted in All, Commentary, Security Management Tips | No Comments »