SECURITY

Security Risk Management Case Study: AT&T

Security Risk Management Case: AT&T Deploys Vulnerability Management Solution

Serving 40 million residential customers and another 4 million businesses, AT&T operates the largest

telecommunications network in the world. For many consumers and businesses, AT&T is a comprehensive provider of

network services that underpin the quality of their life and ensure the effective connectivity of their businesses. People

and organizations around the world have come to count on the reliability, high-availability and security of the AT&T

network for their voice and data communications.

Download this White Paper now to learn more.

Continuity of Operations Strategies in the Federal Government

Inter-agency collaboration has an Achilles’ heel. The vulnerability is revealed when an employee is depending on another agency’s application and it suddenly disappears, or when a response team scrambles to establish an emergency voice and video conference with leaders, managers, and decision-makers in far-flung national global offices, all using different communications systems.

To realize the promise of collaboration, federal agencies need to approach it in a way that achieves continuity of operations (COOP) programs while avoiding the perils of more potential points of failure.

While collaboration unquestionably supports government transformation by helping agencies deliver services more effectively and efficiently, it simultaneously introduces new technology concerns related to resilience. That is, a disruption to one agency’s network, applications, communications, or workforce must not disrupt the operations of that agency or its partners.

Learn more about how Cisco's Solutions help the Fedaral Government sustain inter-agenency cooperation by reading this whitepaper. Read more.

Continuity of Operations Strategies in the Federal Government Part 2

At the heart of a growing collection of privacy regulations for
public and private sector organizations is the issue of public trust.
Storing mountains of information electronically and transmitting
it online multiplies the risks of inadvertently disclosing that
information. The consequences of loss of privacy for federal
agencies are grave, ranging from loss of citizen trust to
compromised homeland security. In acknowledgement of the
magnitude of the problem, government has implemented a spate
of privacy regulations discussed later in this report.

It’s important to recognize that privacy does not become optional
in the event of disruption. Arguably, it becomes even more
important because decision-makers might need to collaborate
across organizational boundaries not ordinarily crossed during
normal operations. To ensure that information can flow between
organizations freely and expeditiously during emergencies or other
disruptions, federal agencies cannot afford to rely on timeconsuming
manual security processes requiring human oversight.
Rather, they need integrated security technologies that facilitate
rather than hinder inter-organizational collaboration. Therefore,
privacy and security are inextricable from federal government
continuity of operations (COOP) planning.

Learn more about how Cisco's Solutions help the Fedaral Government sustain inter-agenency cooperation by reading this whitepaper.

Continuity of Operations Strategies in the Federal Government Part 3

Paradoxically, continuity of operations (COOP) becomes most
challenging when it’s most urgent: on the battlefield, in
emergencies, and during disasters. In these situations, federal IT
groups must augment day-to-day COOP requirements —
resilience, security, and privacy-with additional attributes. These
include the ruggedness to continue operating despite adverse
environmental conditions or network events; the portability to send
actionable information to first responders or military personnel on
the move; and rapid deployment in temporary or mobile command
centers. Ensuring COOP in these conditions is required for
Department of Defense (DoD) network-centric operations (NCO)
and network-centric warfare (NCW) strategies as well as for
response to non-combatant emergencies and disasters.

A Larstan Business Reports survey of 533 government IT
professionals revealed federal government agencies’ attitudes and
progress in integrating COOP into challenging military
combatant, military non-combatant, and civilian environments.
Most survey respondents acknowledged that ruggedness,
portability, and rapid deployment are crucial qualities for their
organizations to operate effectively, with 87% of intelligence or
military combatant, 75% of military non-combatant, and 78%
of civilian agencies agreeing or strongly agreeing. It’s unsettling
that 25% of civilian and 23% of military/non-combatant
agencies do not recognize the importance of rapid deployment as
crucial for effective operations. Events such as the explosion of
the Columbia space shuttle, natural disasters, hazardous materials
spills, building contamination, and disease outbreaks demand
rapid establishment of command centers and effective voice,
video, and data communication with mobile personnel called to
respond to the disruption.

Learn more about how Cisco's Solutions help the Fedaral Government sustain inter-agenency cooperation by reading this whitepaper.

Security Threat Management

This White Paper explores trends that are creating requirements for a proactive and automated approach to managing threats to critical information assets. It introduces the concept of Security Threat Management (STM) as a critical component of an integrated lifecycle management framework for effective security management. It demonstrates how a more strategic approach to managing information about security events can elevate the security posture of organizations while reducing the operational costs associated with security management. Finally, it describes the technological requirements for
implementing STM to achieve organizational security objectives in a rational manner. Read more.

Achieving Effectiveness in Information Protection

Since the effort toward definition of information security practice began in the early 1990s, the issues and approaches have been continuously evolving. The ability to demonstrate effectiveness in information security is no longer an option, but an imperative in the interconnected ecosystem that enables business. The update to BS 7799 recently released by ISO/IEC provides an excellent foundation toward defining an Information Security Management System (ISMS). An understanding of the standard’s recommendations for demonstrating effectiveness of the ISMS is essential to realize the full potential of this definition and standardization of information security practice across businesses. The benefits of implementing measurement-based ISMS will only increase as demands for assurance of sound information management practices intensify.
Companies will be well-served to start now with an ISO/IEC 27001 based ISMS implementation. Read more.

Preparation For 9/11 Anniversary

On August 10, 2006, officials in London arrested 22 people that were alleged to be plotting to blow up 10 airplanes leaving Heathrow for destinations in the United States. On August 23, 2006, Northwest flight NO0042 from Amsterdam to Mumbai reversed course and returned to Amsterdam. 12 people on the flight were arrested due to suspicious behavior. These incidents serve as a stark reminder that extremists in terror networks are focused on attacking and debilitating the United States and other countries around the world.

Analysis
The facts will continue to emerge from these cases and in the meantime we need to assume that the plots were real and could have had a substantial impact with respect to both human loss and the global economy. Read more.

Choosing a Network Access Control Solution that is Right for your Network

Are you confused about Network Access Control? You are not alone. Today's enterprises are facing a growing challenge in securing access to their networks as the number of corporate mobile users and contractors is increasing exponentially. Adding to this challenge is the difficulty of integrating network security solutions into existing complex and diverse enterprise network infrastructures. Download this infomative whitepaper and learn how you can best prepare for choosing and implementing the network access control (NAC) solution that is right for your network. In addition, you'll learn: 1. How to determine your organization's priorities and objectives for a NAC solution. 2. The major differences between NAC solutions on the market today, including inline vs. out of band, client vs. clientless, etc., and the pros and cons of such approaches. 3. How to conduct an onsite evaluation to determine the best solution for your enterprise. 4. The implementation challenges faced by top enterprises. Read more.

Web Application Security - Continuous Testing of Production Web Applications

Web application security is a key top-of-mind concern for general managers, CISO’s, CIO’s and security staff for businesses ranging from Fortune 100 multinationals to educational institutions. Widespread data breaches and intellectual property thefts have left few organizations untouched or unaware. Almost 70% of the vulnerabilities disclosed each month shows information security teams the importance of focusing on Web application security. Read more.

Enabling Security in the Software Development Life Cycle (SDLC)

New security vulnerabilities are found almost daily. When they are, the affected software must be retrofitted with an appropriate patch while companies fend off the wrath of customers. Applications have become the most fertile ground for attackers to ply their trade -- seeking out the seemingly innocuous features and utilities in today’s complex systems that can give them unauthorized access. Each newly discovered vulnerability results in a frantic patch, halfway deployed, that potentially opens up another hole -- all taking days, weeks, or months to implement throughout an installed base. Meanwhile, new vulnerabilities continue to be found, making the game of catch-up never-ending. The critical place to address security vulnerabilities is in the software development process. This white paper discusses the challenges of enabling security in the software development process and introduces Cenzic’s solution to automate security quality assurance with its five-step methodology. Read more.

Web Application Security:The Truth About White Box Testing vs. Black Box Testing

Security teams are dealing with this ominous challenge with a myriad of solutions, some highly ineffective. However, as the market matures, companies are applying somewhat effective, but not complete solutions like white box testing tools. Ultimately the challenges of architecture, API usage, and integration prevent white box testing tools from having a truly direct impact on the overall security of an application. It’s critical to understand that white box analysis tools do not directly find all the risks inherent in applications—period. This paper explores the role of white box vs. black box testing. White box testing technologies have a definite but limited use and value. From a Web application security perspective it must be understood that significant blind spots come with white box testing. Ultimately white box testing is not sufficient to secure your applications: simply put organizations that rely solely on white box technologies will be exposed to vulnerabilities in their applications, thus making it an ineffectual method of testing real-world risks. This paper will demonstrate black box or dynamic testing is ultimately the appropriate solution for “truly” securing Web applications. Read more.

Testing for Cross-Frame Scripting

For financial institutions, the risk of doing business on the Internet has recently changed somewhat dramatically as attackers increasingly target the users of such institutions directly, thus bypassing the hardened security infrastructures of these institutions. Electronic attackers and cyber criminals have strategically shifted the security playing field to one clearly in their favor - exploiting the lack of security knowledge on the part of the vast majority of users and a large footprint of potential vulnerabilities, tools, and code to leverage and exploit. As customers, investors, and governments hold insecure companies accountable, these companies are being held liable for client side and user social engineering vulnerabilities. Being able to find and counter these threats must become a business imperative. This is especially true of financial institutions; people will not keep their money where they think it’s unsafe regardless of the technical specifics. The mere appearance of lax security could easily encourage otherwise satisfied customers to switch to a competitor that appears more secure. As if the choice of playing field hadn’t already stacked the deck against the network’s defenders, the lack of tools, time and expertise make it a truly daunting situation indeed. None of this information is new, nor is the security cliché that there is no absolute security, but novelty doesn’t imply or confer truth or effectiveness – the only absolute in security is the need for diligence. Along these lines, Cenzic believes it can assist large institutions in their efforts increase security diligence in the area of Web application security, generally, as well as, specifically, in regards to the Cross-frame Scripting Vulnerability in Internet Explorer discovered by iDefensei. Read more.

Introduction to Encryption

Introduction to Digital Rights Management - DRM

PDF Security and Encryption

Web security is within your reach. 10 ways to keep hackers in check and ensure safe web resources

The white paper was authored by Marsel Nizam, Head of Web Security Development at Bitrix and supervisor of the development of the PRO+PRO™ security framework undergirding the company’s flagship products. The white paper is based on his 10+ years’ experience in web security and allows decision-makers to understand modern web-borne threats and ways to secure web assets by selecting proper web content management solution, as well as to get a plethora of useful security-related advice. Read more.