Security | Tek Tips Whitepaper Library

Subscribe to Security

Individual Standards like Oxymorons
by Tek-Tips

The maze of security companies and security widgets just got smaller, or did it? What was considered a dozen years ago as a fait accompli, a security business standard, is now a full blown cold war with Red Queens on treadmills trying to keep consumer confidence cranking. If there is a strategic pla...

Join the discussion

SMCI Widget and growsmartbusiness.com by Network Solutions Still Serving Malware, Part 1/2
by Wayne Huang

by Wayne Huang, Fyodor Yarochkin, NightCola Lin, Chris Hsiao of Armorize. Screenshot 1 The beginning of this year saw mass Web hosting compromises across numerous hosting providers; thousands of websites were compromised via vulnerabilities in shared hosting providers and as a result, wer...

Join the discussion

Four Key Benefits of ISO 27001 Implementation
by Dejan Kosutic

Have you ever tried to convince your management to fund the implementation of information security? If you have, you probably know how it feels – they will ask you how much it costs, and if it sounds too expensive they will say no. Actually, you shouldn’t blame them – after all,...

Join the discussion

Information Security or IT Security?
by Dejan Kosutic

One would think that these two terms are synonyms – after all, isn’t information security all about computers? Not really. The basic point is this – you might have perfect IT security measures, but only one malicious act done by, for instance, administrator can bring the whole I...

Join the discussion

Problems with Defining the Scope in ISO 27001
by Dejan Kosutic

You probably knew that the first step in ISO 27001 implementation is defining the scope. What you probably didn’t know is that this step, although simple at first glance, can sometimes cause you quite a lot of trouble. Namely, a lot of companies are trying to decrease their implementation ...

Join the discussion

Shavlik Statement on Today’s Patch Tuesday Releases
by Jason Miller

Microsoft has released 4 new security bulletins in the July 2010 edition of patch Tuesday. These bulletins address 5 vulnerabilities. It is not uncommon, and has become expected, for a light patch Tuesday to follow a heavy patch Tuesday release from Microsoft. Last month, Microsoft released a heft...

Join the discussion

“Compliance” setting your whole security strategy is wrong….
by Drazen Drazic

We’ve talked quite a bit about PCI DSS compliance here. Generally, we’ve looked at what is going wrong, what can go wrong and from there, what organisations should be considering to do it better. Looking at it from a slightly different perspective here but not wholly new either - we̵...

Join the discussion

Risk Assessment Tips for Smaller Companies
by Dejan Kosutic

I have seen quite a lot of smaller companies (up to 50 employees) trying to apply risk assessment tools as part of their ISO 27001 implementation project. The result is that it usually takes too much time and money with too little effect. First of all, what is actually risk assessment, and what i...

Join the discussion

Shavlik Statement on June Patch Tuesday
by Jason Miller

"Today’s Patch Tuesday could be one of the more challenging ones for IT administrators this year. Today, Microsoft has released 10 new security bulletins for the June 2010 edition of patch Tuesday. These 10 bulletins address a total of 34 vulnerabilities. Two security advisories have be...

Join the discussion

Similarities and differences between ISO 27001 and BS 25999-2
by Dejan Kosutic

At first glance, information security and business continuity don’t have much in common – some would add that the only similarity is that they are both about IT. Information security management is best defined in the International standard ISO/IEC 27001, while business continuity mana...

Join the discussion

Advantages of Managed Security Services
by MegaPath

Cloud services via MPLS networks provide high security at low cost. Learn how today’s distributed organizations are struggling with the increasing sophistication, proliferation and severity of network security threats. With security protection from MPLS-based Managed Security Services, compani...

Join the discussion

The MPLS Network: A Future-Proof Engine for Voice-Data Convergence
by MegaPath

Addressing network traffic trends with new opportunities for business communications. The convergence of voice and data on a single wire is perhaps the most exciting network development since the invention of the private branch exchange (PBX). Over the past decade, Multi Protocol Label Switching (MP...

Join the discussion

Sorting Out the Alphabet Soup of VPN Solutions
by MegaPath

A practical approach to assessing WAN technologies that support your distributed organization’s diverse needs. Distributed organizations are facing the challenge of finding VPN WAN solutions that support the proliferation of branch offices and mobile workers along with the successful deploymen...

Join the discussion

How to Choose a Managed Network Services Provider
by MegaPath

6 Best Practices to Ensure a Thorough Evaluation. There comes a point when every organization must make a decision. For small and midsize businesses: should we really be managing our network ourselves? For larger enterprises: what aspects of managing the network should be outsourced? Read this white...

Join the discussion

Shavlik statement on Microsoft’s re-release of MS10-106 patch for Microsoft Producer 2003
by Jason Miller

Microsoft has re-released MS1-106 which was originally released during the March 2010 version of Patch Tuesday. When the bulletin was released, Microsoft stated that Microsoft Producer 2003 contained the vulnerability. But, Microsoft chose not to supply a patch for the vulnerability. With this re-...