Your search keyword '"SECURITY systems"' showing total 630 results

1. Protect Your Online Services with Big Data and Machine Learning.

Author

Sol, Alisson, Ankney, Don, and Bobukh, Eugene

Subjects

MACHINE learning, BIG data, COMPUTER network security, COMPUTER security, DATA protection, SECURITY systems

Abstract

The article discusses online services protection with machine learning (ML) and Big Data. Topics include an overview of the current available ways such as the Security Development Lifecycle to protect online services, determining natures of attacks by usage data analysis, and performing test attacks for reducing an attack surface.

Published

2015

2. Endpoint Security's Quantum Shift.

Author

Davis, Michael A.

Subjects

*COMPUTER security, *SECURITY systems, *BUSINESS planning, *BUSINESS enterprises, *INFORMATION technology

Abstract

The article discusses ideas for business organizations on how to cope with the changing landscape on the security of their information technology (IT) and data. Overview of the top 10 security products that are important in an organization and the connection problems they often face is provided. Suggestion on the need for organizations to have the right mix of tools and processes to effectively counter threats is provided.

Published

2014

3. What's New in Windows 8.1 for Windows Store Developers.

Author

APPEL, RACHEL

Subjects

COMPUTER software development, CASCADING style sheets, HTML (Document markup language), WEB-based user interfaces, BLUETOOTH technology, SECURITY systems

Abstract

The article focuses on the improvements in the operating system Windows 8.1 created by software company Microsoft Corp. which include Cascading Style Sheets (CSS) media queries, new Extensible Application Markup Language (XAML) project templates and security application programming interfaces (APIs). It mentions the availability of APIs in Windows 8.1 which include Human Interface Devices (HID), Point of Service (PoS) and Bluetooth.

Published

2014

4. Enhance system security with better data-at-rest encryption.

Author

Kleidermacher, David

Subjects

*DATA protection, *COMPUTER security software, *ELECTRONIC data processing, *MEDICAL records, *DATA encryption, *SECURITY systems

Abstract

The article discusses data-at-rest protection to ensure that unauthorized persons do not gain access to sensitive information contained in lost or stolen media like medical records, bank details or government top security information. Mentioned is the most common solution of encryption. Presented are approaches including the choice from multiple layers in the data storage stack, symmetric encryption algorithms or cipher modes and the management of the long term storage encryption keys.

Published

2012

5. Seventeen steps to safer C code.

Author

HONOLD, THOMAS

Subjects

*C++, *PROGRAMMING languages, *COMPUTER software development, *COMPUTER network security, *COMPUTER programming, *SECURITY systems

Abstract

The article offers tips for writing safety-critical C code by using methods derived from C++ and Ada computer programming languages. It mentions that C language can be made a viable choice for safety-critical software development only by applying many good practices and self-imposed rules. It suggests using enums as error types and explains the importance of checking input values. It recommends several tools to use such as Artistic Style 2.01 code formatter and cygwin.

Published

2011

6. Top 10 Pitfalls When Managing Mixed WLANS.

Author

Moerschel, Grant

Subjects

*WIRELESS LANs, *COMPUTER network architectures, *WIRELESS communications, *NETWORK analysis (Planning), *SECURITY systems

Abstract

The article tackles the 10 potentially critical errors when managing mixed Wireless Local Area Networks (WLANs). It notes that the potential pitfalls include failure to understand the application load, lack of environmental planning, inappropriate channel layout and poor architectural planning. It also states that inadequate power and cabling, WLAN security and failure to regard regulatory compliance are also some of the concerns in WLAN administration.

Published

2010

7. Passive Authentication for ASP.NET with WIF.

Author

Bustamante, Michele Leroux

Subjects

APPLICATION software, WINDOWS (Graphical user interfaces), SECURITY systems, COMPUTER users, COMPUTER software

Abstract

The article discusses the use of the Windows Identity Foundation (WIF) platform tool as a passive authentication for ASP.NET applications. It says that federated security aims to provide a mechanism for establishing trust relationships among domains in order for users to authenticate to their own domain while accessing services and applications from another domain. The author adds that WIF supplies different HTTP modules including SessionAuthenticationModule (SAM). The role of an Identity Provider (IdP) in a federated security model is also discussed.

Published

2010

8. Add a Security Bug Bar to Microsoft Team Foundation Server 2010.

Author

Sullivan, Bryan

Subjects

CLIENT/SERVER computing software, COMPUTER security software, COMPUTER software development, ONLINE information services, SECURITY systems

Abstract

The article discusses the benefits of the security bug bar, a security bug classification system used by internal product and online services teams of Microsoft Corp. required by the Security Development Lifecycle (SDL). It emphasizes that the bug bar helps create a secure application, reduce vulnerabilities in software, and address triaging bugs. It also relates how to incorporate such classification system into the user's own development environment using Microsoft Team Foundation Server 2010.

Published

2010

9. Inside PCI Compliance.

Author

Conry-Murray, Andrew

Subjects

*CREDIT cards, *COMPUTERS in business security measures, *CREDIT card processing, *DATA security, *SECURITY systems

Abstract

The article discusses best practices that will help companies prepare for an evaluation of their compliance with the payment card industry (PCI) rules. The first thing to do is to know how the credit card data runs through a system, where it lives in the business and who obtains the access of it. According to Ted Keniston, managing consultant at Trustwave, changes in business management, log management and system configuration must all adhere to PCI requirements.

Published

2009

10. Exploring the .NET Framework 4 Security Model.

Author

Dai, Andrew

Subjects

MICROSOFT .NET Framework, INFORMATION storage & retrieval systems, COMPUTER programming, SECURITY management, COMPUTER security, SECURITY systems, SANDBOXES (Computer science)

Abstract

The article offers information on the improvements made to the .NET security model of the .NET Framework 4. An overview of the scope of the .NET security model is offered, with particular focus on the policy, sandboxing, and enforcement. It notes that the framework software has made changes on Code Access Security (CAS) policy system, the Security Transparency model, and has introduced the Conditional AllowPartiallyTrustedCallers attribute (APTCA) feature for host and library developers.

Published

2009

11. A Conversation About Threat Modeling.

Author

Howard, Michael

Subjects

COMPUTER software developers, CONVERSATION, COMPUTER software development, COMPUTER systems, COMPUTER security, DATA protection, COMPUTER viruses, SECURITY systems, INFORMATION technology

Abstract

The article presents a conversation between Paige, a young, bright software developer and Michael, a simple security guy at Microsoft Corp. about some of the major Security Development Lifecycle (SDL) requirements. Paige plans to build agile software development and communication and wants it to pass the Final Security Review. He wants to make sure any sensitive data is secured and keep any emergency patches to a minimum. Michael was impressed with Paige's plan and the threats he identified. Michael explains that attacks happen and there is really nothing one can do to stop them and that web applications are a big target. Paige updates the threat modeling tool and mentions he will use Kerberos since it is more scalable than NTLM.

Published

2009

12. Take It From The Top.

Author

Baumstein, Avi

Subjects

*SECURITY systems, *COMPUTER software safety measures, *SECURITY management, *INFORMATION technology

Abstract

The article focuses on the importance of privileged account management systems to secure administrators accounts in the U.S. As stated, these system promise to control access to high-level systems and automate password safeguards. In addition, the privileged account management feature set includes generation of a unique, complex, random password and the ability to automatically log in to the client system.

Published

2009

13. Building A Custom Security Token Service.

Author

Leroux Bustamante, Michel

Subjects

COMPUTER software, COMPUTER systems, COMPUTER security, DATA protection, SECURITY systems, DATA security, COMPUTERS, COMPUTER programming management

Abstract

The article provides information about the Microsoft claims-based access platform strategy code named "Geneva," which includes the "Geneva" Framework, "Geneva" Server and Windows CardSPace "Geneva." The Geneva Framework provides developers with tools to build claims-based applications and services that involve tokens issued by a Security Token Service, as well as tools for building a custom Security Token Service and for building Windows CardSpace-enabled applications. Among the technologies which were discussed include Windows Communication Foundation, ASP.NET and Geneva Framework.

Published

2009

14. The Web's New Traffic COP.

Author

Martin, Richard

Subjects

*INFORMATION filtering systems, *WORLD Wide Web, *INTERNET service providers, *INTERNET content regulation, *CONTENT filters (Computer science), *MANAGEMENT, *SECURITY systems

Abstract

The article provides information on Web filtering as a form of protecting one's company from unsuitable Internet content. It features range of tools used by different group of companies to regulate use of company network as well as restrictions on employees' Web activities implemented by Human Resource (HR) and Information Technology (IT) departments. The impact of the Safe Act to ISPs as well as risk management services adopted by companies like Verizon Business and Sprint are also discussed.

Published

2008

15. A Better Approach For Building Claims-Based WCF Services.

Author

Letroux Bustamante, Michele

Subjects

SECURITY systems, COMPUTER networks, COMPUTER security, DATA protection, COMPUTER software, COMPUTER systems, COMPUTER industry, SECURITY management

Abstract

The article discusses a better approach for building claims-based Windows Communication Foundation (WCF) security services through the Geneva Framework. It states that while WCF has always had native support for claims-based security model, the Geneva Framework, formerly called "Zermatt," improves this experience by simplifying access to claims at run time. It mentions that it also offers a mechanism to support claims-based authorization in a manner that is consistent with the role-based authorization principals already available in the Microsoft.NET Framework.

Published

2008

16. Understanding Windows File And Registry Permissions.

Author

Michener, John R.

Subjects

SECURITY systems, COMPUTER security, ACCESS control, WEB browsers, CONSUMER protection, INTERNET, COMPUTER access control, ELECTRONIC information resources, DATA security

Abstract

The article offers information on the usage of integrity labels that are stored in the object's systems access control list (SACL). The low-integrity label is used in labeling Low Rights processes such as LowRights Internet Explorer and pertained untrusted objects. It is stated that using a code sample for launching a low integrity process in the protected mode for Internet Explorer may result into error. In addition, the high and system levels are used in helping isolate those from low and medium processes and objects.

Published

2008

17. Test Your Security IQ.

Author

Howard, Michael and Sullivan, Bryan

Subjects

COMPUTER network security, SECURITY systems

Abstract

A quiz concerning reviewing code for security bugs is presented.

Published

2008

18. Building A Secure AJAX Service Layer.

Author

Esposito, Dino

Subjects

AJAX (Web development technology), COMPUTER architecture, INTERNET programming, WEB development, WEBSITE security, COMPUTER security, SYSTEMS development, SECURITY systems, INTERNET

Abstract

The article focuses on AJAX service layer. It mentions that AJAX and Silverlight have a two-tiered architecture with the front and back ends separated by the Internet, which may result for an unauthorized access between the two layers. Due to this, the author introduces the service layer, an additional layer of code that creates a boundary between two other layers. He declares that an extra layer of service called the AJAX service layer, which consists of ASMX Web services, Window's Communication Foundation (WCF) or representational state transfer (REST), can prevent some of the unauthorized access. Ways on how to implement security in the AJAX service layer are also discussed.

Published

2008

19. PRECISION SECURITY.

Author

Fratto, Mike

Subjects

*COMPUTER security, *INFORMATION technology, *SECURITY systems, *DATA protection

Abstract

The article cites key findings from the 2008 InformationWeek Strategic Security Study regarding the information security risks faced by companies in the U.S. Close to 1,100 business and information technology (IT) were polled about their priorities and plans for ensuring the security of their companies' information assets.

Published

2008

20. Securing VMware.

Author

Hernick, Joe

Subjects

*COMPUTER security, *VIRTUAL networks, *VIRTUAL machine systems, *SECURITY systems

Abstract

The article cites key findings from a 2008 survey on the state of VMware security and the initiatives by industry-leading virtualization vendors to keep users safe in the U.S. It includes an in-depth analysis of security plans specifically developed for protecting virtualized infrastructures, as well as corporate organizations' views on VMs in terms of security risk.

Published

2008

21. Big Brother snapping up video silicon.

Author

Yoshida, Junko

Subjects

*SECURITY systems, *INTEGRATED circuits industry, *SECURITY systems industry, *DIGITAL video, *ELECTRONIC industries

Abstract

The article reports on the growth of the video surveillance market for digital video chip providers. According to a China Security Market Report issued in 2007 by the Security Industry Association, China's security and protection market is projected to increase from $6.3 billion in 2005 to $18 billion in 2010. The article reveals that many in the U.S. financial community has been investing into companies that supply, install and operate surveillance system.

Published

2008

22. PCI And The Circle Of Blame.

Author

Conry-Murray, Andrew

Subjects

*DATA security, *PREVENTION of credit card fraud, *DATA security failures, *SECURED credit cards, *CREDIT cards, *SECURITY systems

Abstract

The article discusses about the Payment Card Industry Data Security Standard. According to the article, it was launched in 2006 by organizations in the private sector to enhance credit card information security. However, it has been realized that there are still problems on the system that it fails to come up with the expectations. It was said that the system has some shortcomings that allow retailers to show compliance without making important changes to their security practices.

Published

2008

23. OFFICE SPACE.

Author

Pattison, Ted

Subjects

WINDOWS (Graphical user interfaces), COMPUTER security, SECURITY systems, DATA protection, INFORMATION technology security, GRAPHICAL user interfaces, UTILITIES (Computer programs), COMPUTER files, COMPUTER software

Abstract

The article highlights new security terms and concepts that are introduced with Windows SharePoint Services 3.0 (WSS). The section aims to give users a jumpstart into the world of security programming using the WSS object model. It discusses the external security principals and the SPUser object of the program, including how to add authenticated and external users, how to work with permission levels, and reports on WSS groups. The column also demonstrates how WSS provides support for WSS groups and presented a few programming techniques for elevating privileges and impersonating WSS users.

Published

2008

24. Resident Evil.

Author

Fratto, Mike

Subjects

*NETWORK PC (Computer), *ACCESS to information, *INFORMATION resources management, *COMPUTER security, *SECURITY systems

Abstract

The article offers information about the final stage of the network access control (NAC) Rolling Reviews which focus on host-based NAC. These reviews aim to solve problems like malware propagation and unauthorize access by adding agents to host and controlling access from the source of the problem. In addition, it is stated that centralized management is the critical factor for successful host-based network access control.

Published

2008

25. Analyze Crashes To Find Security Vulnerabilities In Your Applications.

Author

Abouchaev, A., Hasse, D., Lambert, S., and Wroblewski, G.

Subjects

COMPUTERS, COMPUTER software, COMPUTER security, SECURITY systems, COMPUTER input-output equipment, COMPUTER storage devices, COMPUTER systems, COMPUTERS -- Safety measures

Abstract

The article offers directions on how to analyze program crashes to discover security exposures in applications. It discusses possible causes of programs crashes and considers the possible security implications such as corruption of memory enabling arbitrary code execution or the denial of service. A list of the common software and hardware exceptions that the user might encounter when facing these types of issues are included. Some general guidelines that the user can use during the investigation such as the graphical paths of a given investigation process to assist the user in deciding whether a particular crash is exploitable are also examined. The common causes of crashes such as hardware and software exceptions are also discussed.

Published

2007

26. FOUNDATIONS.

Author

Lowy, Juval

Subjects

COMPUTER network security, INTRANETS (Computer networks), INTERNET, WORLD Wide Web, DATA protection, SECURITY systems, DATABASE security, SYSTEMS design, COMPUTER security

Abstract

The article focuses on five security scenarios that addresses the security needs of most applications. The scenarios are, Intranet Application, Internet Application, Business-to-business Application, Anonymous Application, and No security. The article describes security as the most intricate area of Windows Communication Foundation (WCF). The article provides programming techniques that demonstrate WCF extensibility. WCF offers several options for validating certificates sent by the client, if the certificate is validated, then the client is considered authenticated.

Published

2007

27. A Treacherous Journey.

Author

Dornan, Andy

Subjects

*COMPUTER network architectures, *WEB services, *APPLICATION software, *BUSINESS enterprises, *INFORMATION resources management, *SECURITY systems

Abstract

The article provides information on the growth of service-oriented architecture on Web services network in the U.S. It presents several critical analysis in terms of information technology organization including business organization and business competitiveness. It also introduces independent security gateway vendors that includes A10 Networks, AmberPoint Inc. and Array Networks that are moving towards software and virtualization.

Published

2007

28. LAPTOP LOCKDOWN.

Author

Malykhina, Elena

Subjects

*LAPTOP computers, *BIOMETRIC identification, *SECURITY systems, *HUMAN fingerprints

Abstract

The article reports on how companies can authenticate the use and security of their laptop computers. Though everyone is familiar with biometrics, but it is hardly used by anyone. Fingerprint readers are now included in the laptops from Dell Computer Corp., Hewlett-Packard Co. and Lenovo, either as a standard feature or an option. Another security system is the trusted platform module which is an embedded security chip.

Published

2007

29. SECURITY BRIEFS.

Author

Brown, Keith

Subjects

COMPUTER security, DATA protection, SECURITY systems, COMPUTER systems, ELECTRONIC systems, COMPUTER industry, COMPUTER network resources, COMPUTER networks, ELECTRONIC information resources

Abstract

The article reports on event logging. The event log is from the Microsoft .NET Framework on Windows Server 2003. It was developed and designed for localization and efficiency. In using the event log in .NET Framework, the EventLog class gives access to the event log. An event source could be created while the code is running during installation time. The user could log events when the code is running with lower privilege. The creation of an event source is equivalent to the creation of a registry key. If in case that the user forgot to create an event source, the EventLog.WriteEntry will do it for the user.

Published

2007

30. Secure Your ASP.NET Apps And WCF Services With Windows CardSpace.

Author

Leroux Bustamante, Michèle

Subjects

ONLINE identities, COMPUTER security, COMPUTER passwords, ACCESS control, SECURITY systems, AUTOMATION, COMPUTER software, COMPUTER files

Abstract

The article reports on the Windows CardSpace and information cards. The Windows CardSpace is significant in the identity metasystem, which aids users to identify applications and services easily while identifying the target site to the user and reduce risks related to private information given to unauthorized sites. Windows CardSpace replaces the traditional username and password authentication through the use of a tool that manages the users digital identities. The Windows CardSpace also protects its users from various forms of identity attack.

Published

2007

31. TOMORROW'S SECURITY TODAY.

Author

Greenmeir, Larry

Subjects

*SECURITY systems, *HIGH technology, *TECHNOLOGICAL innovations, *INFORMATION technology, *BIOMETRIC identification, *LOCKS & keys, *COMPUTER security, *SECURITY management

Abstract

The article focuses on the trend in high technology security systems. Security measures are becoming more sophisticated with the linking of physical and information technology security technologies. These include integrated door locks and surveillance cameras, biometric devices that go beyond skin deep for identifying purposes and network systems that are more adept than criminals. However, the success of these systems depend on how they respond to attacks or security threats automatically.

Published

2006

32. New SQL Truncation Attacks And How To Avoid Them.

Author

Neerumalla, Bala

Subjects

SQL, COMPUTER security, DATA protection, SECURITY systems, INFORMATION storage & retrieval systems -- Code words, CHECK safekeeping, COMPUTER systems, COMPUTER networks, COMPUTER software

Abstract

The article discusses SQL truncation and modification attacks. After overviewing data exploitations using SQL first-order or second-order injection, practices for constructing string variables including delimited identifiers and SQL literal strings are discussed. New ways of SQL injection by truncation and truncation modification causing vulnerabilities are presented to help user protect their applications. When using automated tools, it is recommended that all code patterns should be fully understood in order to detect SQL injection by truncation issues.

Published

2006

33. Protect Your Data Via Managed Code And The Windows Vista Smart Card APIs.

Author

Griffin, Dan

Subjects

SMART cards, MICROSOFT .NET Framework, DATA protection, COMPUTER storage device industry, EXPANSION boards (Microcomputers), COMPUTER interfaces, COMPUTER security, SECURITY systems, COMPUTER networks

Abstract

The article discusses windows smart card programming basics. Smart cards are credit card with an embedded microchips. Due to privacy protection demands and password-replacement technologies, Bill Gates demonstrated a product that uses APIs called Microsoft Certified LifeCycle Manager on the TSA 2006 Conference. Plug-in model called Card Module API allows smart-card-aware applications to be card-type-agnostic. It addresses card incompatibility issue by providing a file-system-like interface plus additional routines to expose the crypto-related authentication requirements. Discussions on App roadmap, winSCard API wrapper, getSmartCard helper routine and card module API wrappers are presented. Factors considered in transactions management and sequences used are enumerated.

Published

2006

34. Uncover Security Design Flaws Using the STRIDE Approach.

Author

Hernan, Shawn, Lambert, Scott, Ostwald, Tomasz, and Shostack, Adam

Subjects

SECURITY systems, TECHNICAL specifications, THREATS, COMPUTER software, COMPUTER security, DATA protection, COMPUTER crimes, MAINTENANCE

Abstract

The article discusses the STRIDE approach in uncovering security design flaws. STRIDE is a systematic approach to threat modeling in the Security Engineering and Communications group at Microsoft which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege. Security properties including confidentiality, integrity, availability, authentication, authorization and non-repudiation are described and the corresponding threats threat is presented. The author states that using STRIDE model, designing secure software will be simplified. Importance of executive support, implementation, testing, building and delivering, and servicing and maintenance in the system security are also emphasized.

Published

2006

35. MEASURE YOUR RISK IQ.

Author

Apgar, David

Subjects

INFORMATION technology, RISK management in business, MANAGEMENT, INFORMATION resources management, COMPUTER security, DATA protection, SECURITY systems

Abstract

This article presents a five-step approach to help businesses prioritize information technology (IT) project portfolios before mitigating any risks. It explains that it is not enough for businesses to just assess security risks, rather they must know how good these assessments are. It is important for business to know their limitations. This is so because not all risks are equal, so chief information officers should not regard them are interchangeable and not to act as if their IT team were all good at monitoring them all. IT team should always investigate customer-privacy complaints.

Published

2006

36. SECURITY'S BIG SPEND.

Author

Brown, Patricia

Subjects

COMPUTER security, DATA protection, SECURITY systems, INFORMATION technology, ACCESS control, FINANCE companies

Abstract

This article focuses on the growth in information technology (IT) and computer security budgets of companies in the U.S. Firms in the financial services industry lead in the percentage of their IT budget that is allocated for security. Rob Webb, chief technology officer and chief information officer at Equifax, is typical of executives handling IT. Webb is spending a good portion of his IT budget for security. For many of these firms IT security investment is not being looked as purely spending but rather as opportunity for innovation.

Published

2006

37. Post 9/11, technology keeps us a step ahead.

Author

Johnson, R. Colin

Subjects

*SECURITY systems, *SECURITY management, *SEPTEMBER 11 Terrorist Attacks, 2001, *DETECTORS, *COUNTERTERRORISM, *TECHNOLOGICAL innovations

Abstract

The article discusses on the impact of technological innovations in the field of security devices five years after the September 11 attacks. The U.S. has spent billions on technology upgrades to detect and defuse new terrorist threats but the question remains if these technologies are deployed effectively. INSET: For security apps, no experimental sensor is too novel.

Published

2006

38. Your Field Guide to Designing Security Into Networking Protocols.

Author

Pustilnik, Mark and Roths, Andrew

Subjects

SECURITY systems, DESIGN, COMPUTER network protocols, DATA protection, ALGORITHMS, SEMANTICS, CYBERTERRORISM, ACCESS control, TECHNOLOGY

Abstract

The article presents the rules or guides in security design of new communications protocols. Protocol is defined as the standard that makes connection, communication and data transfer between two computing endpoints possible and includes state machines, cryptographic algorithms, semantics and others. Likewise, the article discusses the design for communication security, prevention of the man-in-the-middle-attacks such as Address Resolution Protocol (ARP) poisoning, compromised secure transports and preparation to version the protocol.

Published

2006

39. SECURITY BRIEFS.

Author

Brown, Keith

Subjects

COMPUTER security, WINDOWS (Graphical user interfaces), COMPUTER software, SECURITY systems, ELECTRONIC surveillance, CONFIDENTIAL communications, DATA encryption, SYSTEM integration, KEYSTROKE timing authentication

Abstract

The article discusses computer security protection in Windows computer programs, particularly the Windows Communication Foundation (WCF). Basic security features are provided by the WCF in terms of confidentiality, integrity, and authentication. Confidentiality makes sure that messages are encrypted so that anyone who wishes to spy cannot read the contents of the messages. Integrity ensures that one uses the keyed hash to perform a checksum on the contents of each message so that tampered message could be tracked. And authentication comes into determine the computer user or Windows client's identities. INSET: Configuring a Service Principal Name.

Published

2006

40. What You Need To Know About Using Office As A Development Platform.

Author

Whitechapel, Andrew and Peltonen, John

Subjects

MICROSOFT software, APPLICATION software, COMPUTER software development, COMPUTER software, SYSTEMS design, SOFTWARE protection, SECURITY systems, COMPUTER software industry

Abstract

The article offers information about the Microsoft Office software as a development platform, which provides a framework of computer applications. As a development platform, Microsoft office considers several factors, including reliability, scalability, security, deployment, timeliness, and reusability. Reliability covers the degree of robustness of the application programs, protection from rogue customizations, and the server software standards. Meanwhile, Microsoft Corp.'s newly released 2007 Office features a more understandable, transparent, and easy to administer security systems.

Published

2006

41. INVINCIBLE.

Author

Greenemeier, Larry

Subjects

*COMPUTER security, *SECURITY systems, *DATA protection, *COMPUTER viruses

Abstract

The article reports on the results of the periodical's ninth annual Global Security Survey showing across-the-board threats to business computing environments. 57 percent of respondents in the U.S. reported being hit by viruses in the past year. Network attacks and identity theft were experienced by nine and eight percent, respectively. Yet computer security professionals think that they have got worms, data breaches and other threats under control.

Published

2006

42. Standing Guard.

Author

Wayne, Rick

Subjects

*COMPUTER software, *COMPUTER security, *DATA protection, *SECURITY systems

Abstract

The article reviews the vulnerability scanning software AppScan 6.0 from Watchfire.

Published

2006

43. Anatomy Of A Break-In.

Author

Winkler, Ira

Subjects

*COMPUTER network security, *COMPUTER security, *DATA protection, *FIREWALLS (Computer security), *SECURITY management, *SECURITY systems

Abstract

The article discusses the author's views about a large multinational company, which underwent a full security audit. The simulated espionage yielded the following recommendations: According to the author, one should always demand authorization and verification from a company employee or sponsor for a person to receive a facility access card. The company should establish security awareness programs that include both physical and technical issues. The company should also maintain audit logs for critical systems and review them regularly. INSET: Is Hiring A Crook Worth The Risk?.

Published

2006

44. feedback.

Author

Crego, Julie, Helvey, Thomas, Haven, Richard C., Hudson, Tom, Ruiu, Dragos, Loder, Chad, Wieder, Alex, and Knighton, Craig

Subjects

*LETTERS to the editor, *OFFSHORE outsourcing, *CHIEF information officers, *CIVIL service, *SECURITY systems

Abstract

Presents letters to the editor referencing articles and topics discussed in previous issues. "Outsourcing Works," which marketed offshoring; "Spectacular Falls," which commented on chief information officers in government; "False Protection," which focused on security vulnerabilities in security products.

Published

2005

45. False Protection.

Author

O'Connell, Laurie

Subjects

*DATA protection, *APPLICATION software, *COMPUTER security, *SECURITY systems, *COMPUTER software

Abstract

This article discusses a variety of issues concerning security software. The nature of security software makes it an inherently enticing target. Developers of security software must conduct early and frequent design review, run nightly regression tests and frequent code base reviews, analyze component authentication and perform checkpoint review with security-knowledgeable people. When selecting a software security system or vendor, demand hard evidence of best practices and a comprehensive method of detecting and repairing problems that might arise.

Published

2005

46. The Security Barrier To Mobile Computing.

Author

Signorini, Eugene

Subjects

MOBILE businesses, TELECOMMUTING, CHIEF information officers, COMPUTER security, SECURITY systems

Abstract

An ever-expanding mobile workforce requires CIOs to stay aware of wireless-security technologies. Companies should develop policies to ensure network security both inside the company premises and well beyond. [ABSTRACT FROM AUTHOR]

Published

2005

47. SECURITY BRIEFS.

Author

Brown, Keith

Subjects

KEYSTROKE timing authentication, COMPUTER software, COMPUTER security, DATA protection, SECURITY systems

Abstract

Writing a custom GINA, the Graphical Identification and Authentication component, is not easy. MSGINA is a very complicated piece of machinery, and replacing it is not trivial. It is the aim of this article to discuss how to customize GINA and how to implement each of the GINA entry points. The author enumerates further several functions that WinLogon will call in GINA.

Published

2005

48. RFID'S SECURITY CHALLENGE.

Author

Claburn, Thomas, Hulme, George V., and Sullivan, Laurie

Subjects

*RADIO frequency identification systems, *SECURITY systems, *SECURITY management, *COMPUTER security, *INVENTORY control

Abstract

The article discusses the data security system in Radio Frequency Identification (RFID). Businesses and vendors alike acknowledge that security remains a question mark and that it has taken a backseat to the focus on bottom-line results and returns on investment for RFID enabling their supply chains, for now. However, with a technology as ubiquitous as radio-frequency identification will be, there's great potential for damage, warns Salil Pradhan, chief technology officer of RFID technology at HP Labs.

Published

2004

49. Mind Those Passwords!

Author

Brown, Keith

Subjects

COMPUTER passwords, INTERNET, WEBSITES, COMPUTER security, SECURITY systems, DATA protection

Abstract

Passwords are necessary evils. What you need to do is choose a unique password for each and every Internet site you visit. Ideally, this password should be as long as allowed by the site, complex, and preferably randomly generated. Of course, there are very few humans in the world who can randomly generate a complex password without the help of a tool. This article describes a tool, Password Minder that can solve this problem.

Published

2004

50. THE NEW ECONOMICS OF INFORMATION SECURITY.

Author

Gordon, Lawrence A. and Richardson, Robert

Subjects

*COMPUTER security, *SECURITY systems, *NET present value, *RATE of return, *EXTERNALITIES, *COST effectiveness, *ECONOMICS

Abstract

Discusses the need for information security managers to examine the economics of security to protect their companies. Indirect costs and negative impact of lack of security on companies' reputations; Use of return on investment and net present value to economically justify information-security investments; Advantages of using net present value; Problem of externalities; Information sharing issues. INSET: CYBERCRIMES' TRUE PRICE: Crime may not pay, but someone has to....

Published

2004