
ARTICLES

Protect Your Organization’s Sites With a Leak-Proof Security Policy – How to Get Started
by Elizabeth M. Ferrarini
Every organization requires some type of a network site security policy that will protect the organization’s valuable assets – everything from systems to data. The policy guidelines presented here will help you to establish an enterprise-wide program of how both internal and external users interact with a company's computer network, how the corporate computer architecture topology will be implemented, and where computer assets will be located.

Web Services: Security Considerations for Service Grids (PDF)
by John Seely Brown and Martin Martini
This "working paper" is a thoughtful response to concerns raised by Paul Strassman in Harvard Business Review.

Not Just for HIPAA - Best Practices for Security and Privacy Make Good Business Sense
by John J. Halamka, M.D., Chief Information Officer, CareGroup Health
Dr. John Halamka serves as Chief Information Officer of CareGroup’s three major Boston-area hospitals – Beth Israel Deaconess Hospital, Mount Auburn Hospital, and New England Baptist Hospital – and three community hospitals. He's also Chief Information Officer of Harvard Medical School, where he spearheads all of the technology programs. In this article he explores the issues raised by HIPAA, giving us insights based on personal experience.

Secure Mobile Computing: Guidelines to Help You Restrict Access to Mission-Critical Data on Laptops and PDAs
by Stewart Miller
Just how secure is that data on your PDA? Here's how to start thinking about mobile security issues before they cause your business serious damage.

Applying Secure Network Design Concepts to Storage
by Lisa Steele
The security aspects of a Storage Area Network, unfortunately, emerged as an afterthought. Here's how to think about SAN security.

Looking for More Options in Data Recovery
by Jon William Toigo
Disaster recovery expert Toigo asks if there are any options between the all-tape or all-disk solution sets touted for data recovery.

-------

LINKS

The Dissolution of the Security Perimeter (Gartner)
Enterprise security can no longer stop at the enterprise wall. Mobility, wireless access and the virtual enterprise are eroding information security.

A Conversation with Richard Clarke
America’s cyberspace security leader talks strategy.

Get Off the Top 20 List Now
The worst vulnerabilities are often the most common vulnerabilities. You can fix them, but so can industry.

IT Security and crime prevention methods
This report from Interpol sets out the various threats and risks posed by criminal activity in IT environments. The prevention methods outlined can be used to prevent digital crime.

-------

TOPIC: AUTHENTICATION
This month we look at authentication: the process by which systems and applications verify that you are who you say you are. Here's a list of cool links:

Dos and Don'ts of Client Authentication on the Web
"Websites continue to use extremely weak authentication.... Of the 27 sites we investigated, we weakened client authentication on two, gained unauthorized access on eight and extracted the secret key used to mint authenticators from one."

eCompany Now: E-Sign on the Dotted Line
"Despite a sweeping new law, electronic signatures are a few years away from becoming standard business practice."
 
EFF: Privacy, Crypto, Digital Signature, ID, & Authentication
An archive of ID & Authentication, privacy, and digital signature resources.
 
Mosaic User Authentication Tutorial
Surveys the current methods in NCSA Mosaic and NCSA HTTPd for restricting access to documents.
 
National Fraud Center: Identity Theft: Authentication as a Solution Revisited
"We no longer have the luxury to deal with identity theft...with the velvet gloves of privacy sensitivities.... Authentication...can be successfully applied to this new global threat." PDF; Acrobat Reader required. (10/2/01)
 
O'Reilly Network: Identity
"The air of late is thick with talk of identity. The holy grail is a unified, decentralized, simple yet extensible user-centric identity, membership, and preferences fabric for the Internet...." Annotated links to related articles. (7/18/01)
 
Pointers to Authentication Information
Covers Kerberos, AFS, telnet security, cryptography and PAM. Offers links to related information.
 
searchSecurity.com: Authentication
"Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be." Definition and related links.

A White Paper on Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources
An early attempt to define best practices from the Coalition for Networked Information.

-------

 

NEWS

Business Week: Toward a More Secure 2003
Dec 31, 2002

Newsday: Pentagon Health Contractor Suffers Theft
Dec 31, 2002

Geek.com: Most hacks go unexploited, say experts
Dec 31, 2002

Eastday.com: New weapon in war on spam
Dec 31, 2002

Omaha.com: Military-records case investigated as identity theft
Dec 31, 2002

Wired News: So Many Holes, So Few Hacks
Dec 31, 2002

REPORTS

Business Week: Security's New Face
Financial Times: Corporate Security
Economist: Digital Security Survey
Computerworld: Security Special Report

INTERESTING SITES

O'Reilly Security Center 
CERIAS 
AntiSearch Computer Security 
ISSA - International Systems Security Association 
InfoWar.Com 
Canada's export controls 
The Encyclopedia of Computer Security 
CERIAS Hotlist 
Wilders.org 
US Dept of Defense Information Security Product Evaluation Programs 
Nomad Mobile Research Centre 
Complete list of Computer Security Resources 
The Shmoo Group 
C4I.org 
SecurityWatch.com 
Underground Security Systems Research (USSR) 
Security.tao.ca 
Security Forum 
Information Systems Security Resource 
IT Baseline Protection Manual 
OpenService, Inc. 
2600 Computer Security 
IT Security Cookbook 
RCMP Technical Security Branch 
InfoSysSec 
Kruse Security Advisement 
e-TimeStamp 
Computer Security Intelligence Briefings 
Security Web Sites, Inc. 
LockDown - Home Computer Security Centre 
Security Forums 
Denis Trcek 
General Computer Security forum at Tek-Tips 
Aisle to the Computer Security Info 
Security Information Directory and Hacking Portal 
comp.security Newsgroup FAQs 
Novell Security Services 
Computer Security Book List 
Forensic-computing.co.uk 
Information Security
Terra Networks
Security Bugware 
Bomb The Box 
Computer Security 2000 and Beyond Conference 
4ComputerSecurity 
InfraGard - Cooperative Effort 
SecuritySearch
Attrition.org
 
CERT Coordination Center  
Computer Security Information  
Computerworld: Security Resource Center  
ExtremeTech/Syscheck  
ICSA.net  
Infowar.com
InfoWorld: InDepth: Security  
ITtoolbox Security  
Microsoft Security
Mitre Corporation: Common Vulnerabilities & Exposures
PC Magazine: Security Watch
SANS Institute: Reading Room
searchSecurity.com
SecurityFocus
W3C: World Wide Web Security FAQ
ZDNet Tech Update: Security

NEWS-GROUPS

- alt.2600
- alt.bio.hackers
- alt.crackers
- alt.disasters.planning
- alt.hacker
- alt.hackers
- alt.hackers.groups
- alt.hack
- alt.hacking
- alt.hackintosh
- alt.phreak.nl
- alt.phreaking
- alt.privacy
- alt.security
- alt.computer.security
- alt.spam
- comp.os.linux.security
- comp.os.ms-windows.nt.admin.security
- comp.os.netware.security
- comp.risk
- comp.lang.java.security
- comp.security
- relcom.comp.virus
- mail.firewalls

 



copyright © securebusiness.org. All Rights Reserved.