Entities participating in the generation or verification of digital signatures depend on the authenticity of the process. This Recommendation specifies methods for obtaining the assurances necessary for valid digital signatures: assurance of domain parameter validity, assurance of public key validity, assurances...
The use of mobile handheld devices within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but have instead become indispensable tools that offer competitive business advantages for the mobile workforce. While these devices provide productivity...
The demands of new regulations, including the Sarbanes-Oxley Act, Gramm-Leach-Bliley, the Patriot Act, and disclosure statutes for security breaches, are forcing banks to implement stringent information security measures. The auditing of information technology - once a rather staid component of an auditing firm's...
ICSTIS, the body that regulates premium rate phone numbers in the UK, recently received about 50,000 complaints from PC users who claimed that secret Trojan software had changed their internet dial-up settings to connect automatically to premium rate phone numbers.
ICSTIS concedes this was only the tip of an...
Recent and current pressures on IT security managers in publicly quoted companies to tick regulation boxes have about five more years to run. NetIQ security strategist Chris Pick believes that the discipline of risk management, taking companies beyond mere compliance, is “not there yet” as a driver of IT...
Who knows? Maybe two and three-factor authentication will become a thing of the past and five-factor authentication will take its place. The same issue with encryption has been encountered over the years. With this example in mind, does it make sense for law to be involved in the technological details?...
While the “human element” of information security may be easy to ignore, ignoring it is also dangerous and costly. Of this there is ample evidence.
This report presents an organizational security approach that corporate security managers can use as a roadmap to initiate an effective employee security awareness...
Account fraud is frequently the result of single-factor (e.g., ID/password) authentication exploitation. As a result, the FFIEC is now urging financial institutions to deploy multi-factor authentication and assess the adequacy of their authentication techniques in light of new or changing risks such as phishing,...
Goals Of This Presentation
-An overview of how Vulnerability Assessment (VA) & Penetration Testing (PT) is done
-Defining scope of the assessment
-Types of Penetration Testing...
This white paper identifies the products and architectures needed to aid in the process of procuring the following:
-Identifying *Possible* Attack Vectors
-Researching and discovering system vulnerabilities
-Exploiting found Vulnerabilities
-Preparing Test Cases
-Compiling Final Security Testing...
Strong authentication based on X.509 PKI (Public Key Infrastructure) is available in a number of protocols and provides both security and administrative benefits and drawbacks. This paper looks at the security and administrative benefits (and drawbacks) of using strong authentication. This paper looks at generic...
Some security practitioners react to new technologies with panic and the issuance of stern edicts against using USB drives/PDAs/EVDO cards/wireless LANs, etc. Stop and take a deep breath. In most cases, users have a legitimate need to fill. It is your job to find a way for them to fill that need safely, not to keep...
According to a Harris Interactive survey of U.S. office workers, 68% of employees have sent or received e-mails that could pose a risk to their company.
The survey shows that even if you think you’re e-mailing out a harmless joke, gossip, or innocent information about your company, you could be putting...
Determining if a candidate possesses the skills necessary to fill an information security position effectively before hiring him/her is not a trivial task. There are many methods one can use to gauge the effectiveness of a candidate's background.
It is important to note that for some positions, it might be very...
Organizations publish information online including confidential data. Data is rendered in varied formats; it can vary from simple HTML pages to documents in Adobe's PDF or Microsoft's Word/Excel formats. Confidential data is restricted to a set of users who have to login and be authenticated on the website. A common...