At the Infosecurity Europe 2006 Press Conference a panel of speakers from MessageLabs, Centennial Software, (ISC)2, Black Spider, Juniper Networks and Insight Consulting debated the most dangerous security threats we can expect in 2006.
Everyone agreed that mobile security issues, viruses and phishing are the top candidates for difficult situations that will cause a headache for security professionals this year.
Internal security threats are coming into the spotlight again, and it’s a layer of security you should take an immediate look at.
The immense challenge that organizations face when combating threats is education. It is the foundation on which the security architecture has to be built.
Home users are still not aware of the dangers, and they don’t know why and how to implement basic security measures. Some of those measures, like a simple firewall, are already built into hardware they have in their home.
Companies should think about who they work with and the level of security their partners and distributors have implemented. Some minimum standards should be enforced to ensure the overall degree of security.
The question was raised of where the security profession is going. Unquestionably, there’s going to be increased awareness when it comes to the role of the security professional within the organization. With compliance issues and security audits around the corner, there are going to be more people getting certified. The security industry is becoming more accountable for what’s happening, and compliance is a big part of this situation.
It’s a known fact that employees are occasionally engaged in surfing activities that are not work-related; the panel agreed computer usage should be monitored in order to be aware of what’s happening on the network. What action the employer (that some may call Big Brother) wants to take after discovering such activities should be governed by the security policy the employee signs when being hired.
Some countries have laws that protect the privacy of a person to such an extent that they prohibit the company from monitoring that person’s computer activity in any way. This leaves the security professional in a tight spot and unable to do his job properly, not to mention that it leaves some network activity completely unmonitored. Should the privacy laws be changed to give the employer more freedom to “snoop”? This is going to remain an open debate.