Your Organizations Sites With a Leak-Proof Security Policy
How to Get Started
by Elizabeth M. Ferrarini
Every organization requires some type of a network site security
policy that will protect the organizations valuable assets
everything from systems to data. The policy guidelines presented
here will help you to establish an enterprise-wide program of how both
internal and external users interact with a company's computer network,
how the corporate computer architecture topology will be implemented,
and where computer assets will be located.
Services: Security Considerations for Service Grids (PDF)
by John Seely Brown and Martin Martini
This "working paper" is a thoughtful response to concerns
raised by Paul Strassman in Harvard Business Review.
Just for HIPAA - Best Practices for Security and Privacy Make Good Business
by John J. Halamka, M.D.,Chief Information Officer, CareGroup Health
Dr. John Halamka serves as Chief Information Officer of the CareGroups
three major Boston-area hospitals Beth Israel Deaconess Hospital,
Mount Auburn Hospital, and New England Baptist Hospital -- and three community
hospitals. He's also Chief Information Officer of Harvard Medical School
where he spearheads all of the technology programs. In this article he
explores the issues raised by HIPAA
giving us insights based on personal experience.
Mobile Computing: Guidelines to Help You Restrict Access to Mission-Critical
Data on Laptops and PDAs
by Stewart Miller
Just how secure is that data on your PDA? Here's how to start thinking
about mobile security issues- before they cause your business serious
Secure Network Design Concepts to Storage
by Lisa Steele
The security aspects of a Storage Area Network, unfortunately, emerged
as an afterthought. Here's how to think about SAN security.
for More Options in Data Recovery
by Jon William Toigo
Disaster recovery expert Toigo asks if there are any options between
the all-tape or all-disk solution sets touted for data recovery.
of the Security Perimeter (Gartner)
Enterprise security can no longer stop at the enterprise wall. Mobility,
wireless access and the virtual enterprise are eroding information security.
Conversation with Richard Clarke
America’s cyberspace security leader talk's strategy.
Off the Top 20 List Now
The worst vulnerabilities are often the most common vulnerabilities. You
can fix them, but so can industry.
Security and crime prevention methods
This report from Interpol sets out the various threats and risks posed
by criminal activity in IT environments. The prevention methods outlined
can be used to prevent digital crime.
This month we
look at authentication- the process by which systems and applications
verify that you are who you say you are. Here's a list of cool links:
Dos and Don'ts of Client Authentication on the Web
"Websites continue to use extremely weak authentication.... Of the
27 sites we investigated, we weakened client authentication on two, gained
unauthorized access on eight and extracted the secret key used to mint
authenticators from one."
eCompany Now: E-Sign on the Dotted Line
"Despite a sweeping new law, electronic signatures are a few years
away from becoming standard business practice."
EFF: Privacy, Crypto, Digital Signature, ID, & Authentication
An archive of ID & Authentication, privacy, and digital signature
Mosaic User Authentication Tutorial
Surveys the current methods in NCSA Mosaic and NCSA HTTPd for restricting
access to documents.
National Fraud Center: Identity Theft: Authentication as a Solution Revisited
"We no longer have the luxury to deal with identity theft...with
the velvet gloves of privacy sensitivities.... Authentication...can be
successfully applied to this new global threat." PDF; Acrobat Reader
O'Reilly Network: Identity
"The air of late is thick with talk of identity. The holy grail is
a unified, decentralized, simple yet extensible user-centric identity,
membership, and preferences fabric for the Internet...." Annotated
links to related articles. (7/18/01)
Pointers to Authentication Information
Covers Kerberos, AFS, telnet security, cryptography and PAM. Offers links
to related information.
"Authentication is the process of determining whether someone or
something is, in fact, who or what it is declared to be." Definition
and related links.
A White Paper on Authentication and Access Management Issues in Cross-organizational
Use of Networked Information Resources
An early attempt to define best-practices from the Coalition for Networked