-
Infosecurity 2012 Europe: Conference news and highlights
Get the latest news and important research from the Infosecurity 2012 Europe conference, including coverage on security threats and data breaches. Guide
-
IT in Europe, Security Edition: Smartphone security issues
How can security teams manage devices they don’t control? Find out how to manage smartphone and tablet security threats. Learning Guide
-
Opinion: Firms can’t or won’t address social networking security risks
It's a common refrain: Even companies that are aware of social networking security risks don't do anything about them. Opinion
-
IT in Europe: Information Security Edition e-zine
e-zine
-
IT in Europe, Security Edition: Data Protection Act compliance
DPA compliance grows more challenging in an age of cheap cloud computing, sexy smartphones and personal threats faced by security professionals. Magazine
-
Compromising emanations: Tactics for electronic surveillance detection
In this article, Royal Holloway MSc student Paul Frankland and Prof. Keith Martin examine how compromising emanations can reveal confidential data. Royal Holloway 2011
-
2011 Royal Holloway information security thesis series
This series of articles from recent MSc graduates of the Royal Holloway University of London grapples with a variety of information security topics. Royal Holloway 2011
-
InfoSecurity Europe 2011 coverage
Get the latest news and updates from the 2011 InfoSecurity Europe conference. Feature
-
Ranking the global cyberthreat, IT infrastructure risks
What's the real threat of global cyberwar, and how vulnerable are IT infrastructures? Feature
-
Schneier-Ranum Face-Off on the dangers of a software monoculture
Security experts Bruce Schneier and Marcus Ranum debate the impact of a software monoculture on computer security. Feature
-
SOCA takes its website offline in DDoS response
Just days after SOCA shut down carder sites, the agency was the victim of a DDoS attack, leading SOCA to take its website offline. News | 03 May 2012
-
Infosecurity 2012: Survey proves value of security awareness programme
According to the latest findings from PwC, better end-user security training can pay off in fewer breaches. News | 27 Apr 2012
-
ISBS 2012 report: Security slow to adapt to new technologies
PwC’s ISBS 2012 report, which will be presented at Infosecurity 2012, shows security teams react too slowly to threats from new technologies. News | 20 Apr 2012
-
SIEM deployment case study shows patience is required
Williams Lea’s SIEM is already helping reduce manual log reviews. But there’s still a lot of work to be done before the SIEM can be fully deployed. News | 30 Mar 2012
-
UK IT spending 2012: Security budgets show growth, CompTIA survey says
CompTIA found IT security budgets are growing for most UK organisations. However, UK IT managers report a shortage of skilled security professionals. News | 23 Mar 2012
-
Study: Shnakule, four other malnets caused most 2011 attacks
Huge global malnets, such as Shnakule, were responsible for most attacks in 2011, and Blue Coat predicts they will trigger 66% of all attacks in 2012. News | 19 Mar 2012
-
UK firms have trust in cloud service security, but reality disappoints
UK firms believe moving some IT projects to the cloud will improve their overall security, yet they end up feeling less secure after the move. News | 15 Mar 2012
-
Can a security association bring us all together?
Vendors and government call for security pros from different organizations to work together, but will our competitive nature stand in our way? News | 15 Mar 2012
-
Surveying the landscape of today’s mobile device security risks
The biggest mobile device security risks are not from malware -- at least not yet. Find out the primary concerns of IT pros managing mobile devices. News | 14 Mar 2012
-
New mobile security statistics show consumers fearful of mobile spam
A survey of UK consumers found trust in mobile device security is declining as more users fall prey to mobile spam. News | 09 Mar 2012
-
Adding cybercrime software demos to security awareness training
Security professionals can use screenshots of cybercrime software in security awareness training to convey the serious threats organisations face. Tip
-
International computer crime requires an international response
As international computer crime increases in scope and organisation, countries must work together to reduce threats from global cybercrime. Opinion
-
Four mobile device security threats and three tools to manage them
Mobile devices pose very real risks to organisations. Rob Shapland outlines four mobile device security threats and three tools to manage them. Tip
-
Stop phone tracking and GPS data leakage
GPS-enabled smartphones and other GPS devices may leak confidential or sensitive data, making it easy for attackers to target your employees. Tip
-
How to prevent unauthorised personnel from hacking voicemail
Keeping attackers out of sensitive corporate voicemails can be as easy as updating PIN policies. Tip
-
Add threat modelling to your Web application security best practices
Among any list of enterprise Web application security best practices, threat modelling is essential. Michael Cobb explains why in this expert article. Tip
-
Cross-site request forgery: Lessons from a CSRF attack example
Cross-site request forgery attacks can lead to serious damage to websites. See how lessons from a CSRF attack example can help prevent these attacks. Tip
-
OpenVAS how-to: Creating a vulnerability assessment report
In this OpenVAS how-to, learn how to use the free scanner to create a vulnerability assessment report and assess threat levels. Tip
-
Nmap tutorial: Nmap scan examples for vulnerability discovery
Learn how to use Nmap, the free network scanner tool, to identify various network devices and interpret network data to uncover possible vulnerabilities. Tip
-
How to stop SQL injection and prevent data compromises
While they're some of the easiest attacks to prevent, SQL injections are also some of the least protected against forms of attack. Learn how to stop them with this advice. Tip
-
Forced browsing: Understanding and halting simple browser attacks
Forced browsing is when an attacker discovers the URL of a restricted webpage. Expert Rob Shapland explains how to halt this browser attack method. Ask the Expert
-
How to prevent Facebook hacking and Twitter hijacking
Organisations should guard against Facebook hacking and Twitter hijacking. Expert Davey Winder discusses Twitter and Facebook security tools that can help. Answer
-
Session fixation protection: How to stop session fixation attacks
Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection. Ask the Expert
-
Open source software security issues: How to review OSS for security
A reader asks how to judge the security of open source software products. Expert Michael Cobb lists three areas to check. Ask the Expert
-
Pwn2Own results: The most secure Internet browser for enterprises
Which browsers are secure enough for enterprise use, and which should be avoided at all costs? In this expert response, Richard Brain examines the results of the 2010 CanSecWest Pwn2Own competition to give browser advice. Ask the Expert
-
How to address a spike in TCP and UDP flows
Have an unusual spike in TCP and UDP flows? Expert Peter Wood explains how to zero in on the problem. Ask the Expert
-
What to look for in a network security audit
What to look for in a network security audit? That's a short question with a big answer, says expert Peter Wood. Ask the Expert
-
How to protect a laptop from spam, viruses
Q&A: Expert Richard Brain explains how to protect your laptop from malware by preventing it from installing in the first place. Ask the Expert
-
How secure are extended validation SSL certificates?
Expert Peter Wood responds to exaggerations about the security of extended validation SSL certificates. Ask the Expert
-
When to use a unified threat management system
Network security expert Peter Wood explains why a unified threat management product may be only one of many tools that an organization should use to fight off malware threats. Ask the Expert
-
Cyber Security Challenge UK
Cyber Security Challenge UK is a not-for-profit British company that runs IT security-related competitions with the aim of attracting talented people to the IT security industry. Definition
-
metamorphic malware
Metamorphic malware is malicious software that is capable of changing its code and signature patterns with each iteration. Definition
-
Centre for the Protection of National Infrastructure (CPNI)
The Centre for the Protection of National Infrastructure (CPNI) is the agency charged with providing advice to any entity within the United Kingdom that owns or operates services or property critical to commerce, public health or security. (Continued...) Definition
-
Serious Organized Crime Agency (SOCA)
The Serious Organized Crime Agency (SOCA) is a policing agency dedicated to the identification of criminal activity related to drug trafficking, money laundering, identity theft and immigration. SOCA is based in the United Kingdom. (Continued...) Definition
-
Survey roundup: Trends in IT security topics
Surveys on a variety of IT security topics highlighted key trends in Web application vulnerabilities, cloud computing concerns and the motivations behind attacks. Photo Story
-
USB gadgets and gizmos present data-theft risks
In this video, learn how new USB gadgets and gizmos could be used to siphon off your sensitive data. Video
-
Unified threat management (UTM) integration challenges
In this video, Joel Snyder of Opus One reviews how unified threat management products integrate with host-based protection and network access control devices. Video
-
The trade-offs of unified threat management
Opus One's Joel Snyder reveals a key drawback of UTM. Video
-
Unified threat management vs. intrusion prevention systems
In this video, Joel Snyder of Opus One talks about how unified threat management stacks up against an intrusion prevention system. Snyder reveals the best options for both midmarket organizations and larger enterprises. Video
-
The value of an intrusion prevention system against a Web attack
Yes, an IPS only protects against known attacks, but a little protection goes a long way. Joel Snyder of Opus One takes a few minutes to talk about the true value of intrusion prevention systems. Video
-
CISSP Essentials training: Domain 5, Telecommunications and networking
Prepare for Domain 5 of the CISSP exam by learning about telecommunications and networking. Video
-
The future of exploit vulnerability research
At Information Security Decisions 2008, security researchers discuss the most vulnerable network points and the future of the SDLC. Video
-
NAC and endpoint security: The hard questions
Joel Snyder covers challenging endpoint security questions and explains how NAC technology can address them. Video
-
Video: Scanning with Nmap
Peter Giannoulis takes a look at everybody's favorite, freely available port scanner and OS identifier: Nmap. Video
About Threat and Vulnerability Management
Vulnerability and threat management are important aspects of an enterprise security solution. Get the latest information about managing threats, how to conduct a vulnerability assessment, vulnerability scanning, testing and assessment tools.