InformationWeek Reports : Regulatory Compliance

Strategy: SIEM

Sat, 04 Feb 2012 01:46:58 -0500

A security information and event management system serves as a repository for all the security alerts and logging systems from a firm’s devices. But this can be overkill for a company that is understaffed or has overestimated its security information needs. In this report, we discuss 10 questions to ask yourself in determining whether SIEM makes sense for you—and how to pick the right system if it does.

Strategy: Database Defense

Sun, 29 Jan 2012 01:10:15 -0500

The biggest threat to your company’s most sensitive data may be the employee who has legitimate access to corporate databases but less-than-legitimate intentions. And while the incidence of insider data breaches has decreased, external attacks often imitate them—and do serious damage. Follow our advice to mitigate the risk.

InformationWeek Healthcare: February 2012

Fri, 27 Jan 2012 12:55:53 -0500

Transforming Healthcare -- Mobile Apps Help Cut Costs -- Personalized Medicine's Trade-Offs -- Pay For Performance

Research: Data Encryption

Fri, 20 Jan 2012 04:53:49 -0500

Just 36% think they're ahead of the encryption curve, and now the cloud and mobility are adding new wrinkles to an already complex and difficult-to-implement technology. Meanwhile, just 47% have made mobile-device encryption a priority. Our take: This tech may just be the key to achieving the magical ROI promised by cloud services and mobility programs.

Strategy: Smartcards

Tue, 17 Jan 2012 04:20:52 -0500

Recent compromises of smartcard data have exacerbated concerns about the technology’s privacy, security and standards (or lack thereof). Yet the promise of smartcards is too compelling to ignore. New technologies and applications prompt us to take a fresh look.

Strategy: HIPAA Security

Wed, 04 Jan 2012 12:32:39 -0500

IT professionals can make tremendous progress on security initiatives using the HIPAA Security Rule for leverage. We show you how.

Strategy: Stop Illicit Data Dumps

Wed, 04 Jan 2012 11:59:16 -0500

There are no silver bullets when it comes to protecting company and customer data from loss or theft, but there are technological and procedural systems that will go a long way toward preventing a WikiLeaks-like data dump.

Strategy: SOX Security

Mon, 12 Dec 2011 06:18:35 -0500

We share 10 best practices to meet Sarbanes-Oxley security-related requirements and help ensure you’ll pass your next compliance audit.

Strategy: Tablet Security

Mon, 05 Dec 2011 09:57:33 -0500

As businesses rely increasingly on tablets for the productivity benefits they provide, IT must address the security challenges the devices present.

Strategy: Email Security

Fri, 02 Dec 2011 03:14:13 -0500

Email encryption, rights management, email gateways and full-on data loss prevention systems can keep corporate data secure. Consider the pros and cons of each to determine what’s best for your business.

Advanced Trading Digital Issue: December 2011

Wed, 16 Nov 2011 02:44:43 -0500

In the wake of the 2008 global financial crisis and bank bailouts, and amid ongoing economic uncertainty and soaring unemployment, regulators across the globe continue to take aggressive action to right the markets, and high-frequency trading is public enemy No. 1. The most recent regulation to target HFT is MiFID II, an update of the original directive. Advanced Trading's December digital issue surveys the intensifying regulatory landscape on Wall Street and breaks down what it takes for buy-side firms to succeed in today's brave new world.

Strategy: Database Access

Tue, 15 Nov 2011 11:35:54 -0500

Role-based access control based on least user privilege is one of the most effective ways to prevent the compromise of corporate data. But proper provisioning is a growing challenging, due to the proliferation of big data, NoSQL databases and cloud-based data storage.

Insurance & Technology Digital Issue: December 2011

Wed, 09 Nov 2011 05:48:56 -0500

The insurance industry faces a period of unprecedented regulation. Carriers that can quickly react to changing compliance demands and produce a timely, accurate picture of their financial positions can compete on the strength of greater agility and efficiency. Insurance & Technology's latest digital edition explores how forward-looking insurers are pursing the transparency, risk controls and data insight that are the hallmarks of the new regulatory environment.

Strategy: Patch Management

Wed, 02 Nov 2011 11:25:06 -0400

It’s no longer sufficient to patch just Windows, Office and IE. With the massive array of applications now residing on enterprise PCs, and the proliferation of mobile and cloud-based applications, your business is far too vulnerable to exploitation unless you have a solid strategy for patch prioritization, deployment and quality assurance. Follow these steps to put your plan in place.

Research: Mobile Device Management

Fri, 28 Oct 2011 04:22:21 -0400

The only constant in mobility nowadays is change. Former market leaders such as RIM and Microsoft are now followers straining to keep pace with consumer-driven operating systems from Google and Apple. Almost 80% say tablets will grow in importance. No two platforms have the same security and management hooks, yet your end users are demanding email, calendaring, VPN access and much more—64% are on board with custom apps. This is changing the face of computing—and terrifying the IT managers charged with providing productivity tools while maintaining control of sensitive data.

Strategy: Biometrics

Wed, 26 Oct 2011 04:20:23 -0400

As data volume and sensitivity grow, companies cannot rely on password- and token-based authentication.
Biometrics can be used to provide strong access control, but you must weigh added complexity and costs against assurance that users are who they say they are.

Strategy: Security via PCI Compliance

Mon, 17 Oct 2011 06:19:53 -0400

By teaming up with peers on the compliance side, doing appropriate scoping and preparation, and paying attention to emerging standards, security practitioners can leverage PCI compliance activities to improve the security game of the company as a whole.

Strategy: Secure SDLC

Mon, 03 Oct 2011 06:16:54 -0400

The application layer has long topped the attacker hit list, and we continue to hear about data breaches exploiting software vulnerabilities. Yet secure application development remains a low priority in most enterprises. In this report, we provide a blueprint for making security an integral part of the software development life cycle.

Strategy: Malware Analysis

Tue, 20 Sep 2011 01:52:03 -0400

Vulnerability management identifies and closes exploitable holes in your enterprise network. But some systems remain vulnerable, and traditional antivirus and perimeter defenses are proving less effective against sophisticated malware, targeted attacks and zero-day exploits. In this report, we show you how malware analysis, tied closely to incident response, is an essential complement to enterprise vulnerability management programs.

Strategy: Hardware-Based Authentication

Thu, 01 Sep 2011 11:36:05 -0400

Tokens, smartcards, biometrics and other hardware-based authentication technologies provide a significant layer of security for sensitive enterprise data. But the wrong choice, or a mishandled implementation, can mean unexpected costs and management overhead, device failure and user rejection. We explore the pros and cons of the various technologies, and help you choose the right approach for your company. Plus: Best practices in the wake of the SecurID breach.

Best Practices: Healthcare Cloud Services

Mon, 22 Aug 2011 12:27:18 -0400

With the fed offering healthcare organizations billions of dollars to improve their IT systems, providers are taking a closer look at their EHRs, practice management systems and e-prescribing programs to determine how to make the most of the financial incentives. Many are trying to decide if it makes more sense to use a cloud service for some or all of their applications. Here, we advise large practices and hospitals on the advantages and disadvantages of moving to the cloud.

Strategy: Security via Compliance

Fri, 12 Aug 2011 01:55:36 -0400

IT often views compliance as a burden, but it doesn’t have to be that way. By embracing government and industry requirements and working with the teams responsible for enforcing them, IT can strengthen company security and help fund critical business initiatives. We show you how to partner with the compliance pros.

Advanced Trading Digital Issue: July 2011

Wed, 20 Jul 2011 10:09:02 -0400

PROP OR NOT? The Dodd-Frank Act represents the most sweeping regulatory changes to the U.S. financial system in decades. And the biggest changes of all will likely be brought about by the Volcker Rule, which will ban banks from proprietary trading. But how regulators define prop trading is likely to change the way the buy side trades and reshape the future of the Street. Advanced Trading's July digital issue takes an in-depth look at how sell-side firms are preparing for the Volcker Rule and provides some insights into what it all might mean for the buy side.

Strategy: Stop SQL Injection

Mon, 11 Jul 2011 02:47:02 -0400

SQL injection is among the most prevalent—and most dangerous—techniques for exploiting Web applications and attacking back-end databases that house critical business information at companies of every size. And it persists despite relatively simple and effective countermeasures. Here, we explain how SQL injection works, and how to secure your Web apps and databases against it.

Strategy: Cloud SLAs

Fri, 01 Jul 2011 03:36:58 -0400

As enterprises ramp up cloud adoption, service-level agreements play a major role in ensuring quality enterprise application performance. Follow our four-step process to ensure providers live up to their end of the deal.